hxxp://pt[.]ldplayer[.]net

Analysis

max time kernel
259s
max time network
263s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-10-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pt.ldplayer.net

Score

8^/10

discovery execution exploit persistence privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\FuncName = "WVTAsn1SpcLinkEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

1052 takeown.exe
5616 icacls.exe
4492 takeown.exe
5636 icacls.exe
5488 takeown.exe
5356 icacls.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

pid	process
1052	takeown.exe
5616	icacls.exe
4492	takeown.exe
5636	icacls.exe
5488	takeown.exe
5356	icacls.exe

Executes dropped EXE 17 IoCs

Processes:

LDPlayer9_pt_1008_ld.exeLDPlayer.exednrepairer.exedismhost.exeLd9BoxSVC.exedriverconfig.exednplayer.exeLd9BoxSVC.exevbox-img.exevbox-img.exevbox-img.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exednmultiplayerex.exe

pid	process
5732	LDPlayer9_pt_1008_ld.exe
5404	LDPlayer.exe
2668	dnrepairer.exe
3248	dismhost.exe
3240	Ld9BoxSVC.exe
1892	driverconfig.exe
4960	dnplayer.exe
2424	Ld9BoxSVC.exe
3396	vbox-img.exe
1112	vbox-img.exe
3176	vbox-img.exe
1344	Ld9BoxHeadless.exe
2300	Ld9BoxHeadless.exe
4264	Ld9BoxHeadless.exe
4520	Ld9BoxHeadless.exe
2596	Ld9BoxHeadless.exe
6788	dnmultiplayerex.exe

Loads dropped DLL 64 IoCs

Processes:

dnrepairer.exedismhost.exeLd9BoxSVC.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

pid	process
2668	dnrepairer.exe
2668	dnrepairer.exe
2668	dnrepairer.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3248	dismhost.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3240	Ld9BoxSVC.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
3608	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
1280	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5084	regsvr32.exe
5400	regsvr32.exe
5400	regsvr32.exe
5400	regsvr32.exe
5400	regsvr32.exe
5400	regsvr32.exe
5400	regsvr32.exe

Modifies file permissions 1 TTPs 6 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

5488 takeown.exe
5356 icacls.exe
1052 takeown.exe
5616 icacls.exe
4492 takeown.exe
5636 icacls.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

LDPlayer9_pt_1008_ld.exe

description ioc process

File opened (read-only) \??\F: LDPlayer9_pt_1008_ld.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

366 discord.com
367 discord.com

pid	process
5488	takeown.exe
5356	icacls.exe
1052	takeown.exe
5616	icacls.exe
4492	takeown.exe
5636	icacls.exe

description	ioc	process
File opened (read-only)	\??\F:	LDPlayer9_pt_1008_ld.exe

flow	ioc
366	discord.com
367	discord.com

Drops file in Program Files directory 64 IoCs

Processes:

dnrepairer.exesetup.exe

description	ioc	process
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libeay32.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcr100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSampleDriver.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241027140640.pma	setup.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxCpuReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d603e3c7-a8fd-4835-af41-c798007d53e3.tmp	setup.exe
File created	C:\Program Files\ldplayer9box\VBoxEFI32.fd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBugReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\comregister.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxManage.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES12Translator.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSDL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\padlock.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxTestOGL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vcruntime140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libssl-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdpUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qoffscreen.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5OpenGL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBTest.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDDU.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll	dnrepairer.exe

Drops file in Windows directory 2 IoCs

Processes:

dismhost.exedism.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe

Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

5968 sc.exe
5516 sc.exe
1980 sc.exe
3420 sc.exe
1900 sc.exe
3200 sc.exe
3512 sc.exe
1980 sc.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5968	sc.exe
5516	sc.exe
1980	sc.exe
3420	sc.exe
1900	sc.exe
3200	sc.exe
3512	sc.exe
1980	sc.exe

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

sc.exepowershell.exesc.exeregsvr32.exeicacls.exesc.exeregsvr32.exedriverconfig.exesc.exednmultiplayerex.exeLDPlayer9_pt_1008_ld.exeregsvr32.exesc.exeregsvr32.exetakeown.exesc.exednrepairer.exeregsvr32.exepowershell.exepowershell.exenet1.exeregsvr32.exeregsvr32.exetakeown.exetakeown.exedism.exeicacls.exednplayer.exeLDPlayer.exenet.exeregsvr32.exeregsvr32.exesc.exeicacls.exesc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnmultiplayerex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_pt_1008_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dism.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dnplayer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

dnplayer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeLd9BoxSVC.exeLDPlayer.exednrepairer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\ = "IMachineDebugger"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ = "IGuestUserStateChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\ = "IToken"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ = "IRecordingChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-34B8-42D3-ACFB-7E96DAF77C22}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.apk\Shell\Open	LDPlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D545-44AA-8013-181B8C288554}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\ = "IConsole"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\NumMethods\ = "23"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods\ = "13"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2354-4267-883F-2F417D216519}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ = "IDHCPIndividualConfig"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\NumMethods\ = "39"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\ = "IDHCPGroupConfig"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11E9-921D-8B984E28A686}\NumMethods\ = "37"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\NumMethods\ = "15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\NumMethods	Ld9BoxSVC.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 166382.crdownload:SmartScreen msedge.exe
Runs net.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 166382.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeLDPlayer9_pt_1008_ld.exeLDPlayer.exemsedge.exednrepairer.exepowershell.exepowershell.exepowershell.exemsedge.exednplayer.exe

pid	process
1104	msedge.exe
1104	msedge.exe
3760	msedge.exe
3760	msedge.exe
1992	identity_helper.exe
1992	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
5732	LDPlayer9_pt_1008_ld.exe
5732	LDPlayer9_pt_1008_ld.exe
5732	LDPlayer9_pt_1008_ld.exe
5732	LDPlayer9_pt_1008_ld.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
2668	dnrepairer.exe
2668	dnrepairer.exe
5060	powershell.exe
5060	powershell.exe
5060	powershell.exe
3736	powershell.exe
3736	powershell.exe
3736	powershell.exe
4920	powershell.exe
4920	powershell.exe
4920	powershell.exe
5404	LDPlayer.exe
5404	LDPlayer.exe
5732	LDPlayer9_pt_1008_ld.exe
5732	LDPlayer9_pt_1008_ld.exe
5916	msedge.exe
5916	msedge.exe
4960	dnplayer.exe
4960	dnplayer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dnplayer.exe

pid process

4960 dnplayer.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid process

668
668
668
668
668
668

pid	process
4960	dnplayer.exe

pid	process
668
668
668
668
668
668

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

LDPlayer.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe
Token: SeDebugPrivilege	5404	LDPlayer.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

msedge.exeLDPlayer9_pt_1008_ld.exednplayer.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
5732	LDPlayer9_pt_1008_ld.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
4960	dnplayer.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
4960	dnplayer.exe

Suspicious use of SendNotifyMessage 50 IoCs

Processes:

msedge.exednplayer.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
4960	dnplayer.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
4960	dnplayer.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

LDPlayer9_pt_1008_ld.exeLDPlayer.exednrepairer.exeLd9BoxSVC.exedriverconfig.exe

pid process

5732 LDPlayer9_pt_1008_ld.exe
5404 LDPlayer.exe
2668 dnrepairer.exe
3240 Ld9BoxSVC.exe
1892 driverconfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3760 wrote to memory of 3480	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3480	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3892	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 1104	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 1104	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 544	3760	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://pt.ldplayer.net
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6c6eb5460,0x7ff6c6eb5470,0x7ff6c6eb5480
3⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6572 /prefetch:8
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
2⤵
PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
2⤵
PID:5136

C:\Users\Admin\Downloads\LDPlayer9_pt_1008_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_pt_1008_ld.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5732

C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1008 -language=pt -path="C:\LDPlayer\LDPlayer9\"
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5404

C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459038
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
5⤵
- System Location Discovery: System Language Discovery
PID:5292

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
6⤵
- System Location Discovery: System Language Discovery
PID:3328

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
5⤵
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:1468

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
5⤵
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:2892

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
5⤵
- System Location Discovery: System Language Discovery
PID:5308

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
5⤵
- System Location Discovery: System Language Discovery
PID:5484

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
5⤵
- System Location Discovery: System Language Discovery
PID:5364

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
5⤵
- System Location Discovery: System Language Discovery
PID:4820

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
5⤵
- Manipulates Digital Signatures
- System Location Discovery: System Language Discovery
PID:3032

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:1052

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5616

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:4492

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5636

C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
5⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1800

C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\dismhost.exe {2176E4AD-9F68-432A-93C1-8ACD77682B02}
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:3248

C:\Windows\SysWOW64\sc.exe
sc query HvHost
5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:5968

C:\Windows\SysWOW64\sc.exe
sc query vmms
5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:5516

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1980

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3240

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
5⤵
- Loads dropped DLL
PID:3608

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1280

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
5⤵
- Loads dropped DLL
- Modifies registry class
PID:5084

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5400

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:3420

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1900

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5060

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3736

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4920

C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5488

C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
3⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
4⤵
PID:1840

C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4960

C:\Windows\SysWOW64\sc.exe
sc query HvHost
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:3200

C:\Windows\SysWOW64\sc.exe
sc query vmms
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:3512

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1980

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
4⤵
- Executes dropped EXE
PID:3396

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
4⤵
- Executes dropped EXE
PID:1112

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
4⤵
- Executes dropped EXE
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pt.ldplayer.net/blog/how-to-enable-vt.html
4⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
5⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pt.ldplayer.net/blog/how-to-enable-vt.html
4⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
5⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pt.ldplayer.net/blog/how-to-enable-vt.html
4⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
5⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pt.ldplayer.net/blog/how-to-update-the-graphics-driver.html
4⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa42f646f8,0x7ffa42f64708,0x7ffa42f64718
5⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
2⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7060 /prefetch:8
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7736 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
2⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
2⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
2⤵
PID:6376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14670220187709675532,1438154084731149586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
2⤵
PID:6648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488 0x4ac
1⤵
PID:3600

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:2424

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:1344

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2300

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:4264

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:4520

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6088

C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe
"C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\MSVCP120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
1eb5ffaa41c73d028b4108eef962fb7f

SHA1
bba9bcb8a064fdf68a79bae656f11ba039c9cc77

SHA256
421b885202b3bfe4c7e5f9281c17f836df1de98db6d14c6590eabf4d8153a6af

SHA512
148863b577f7d9fc25225e8dfd3f01d4865afb1596dd320bbd0451fae9d173fc1e15105f0e98352bffb6c36a2462e3d8292ce6db8877b0b921b304be1ba2b879

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
03746b5d567927bdb69499ec30039d8c

SHA1
93b08624bd80ed01c370e0ba9a2ee3824edd8733

SHA256
1e3b7a0ac94de0e7209b19b709a0ddd2effbc1b98437a81b3d3dac853ef54b77

SHA512
abf608e020e732407524b780bed7b894768f9828dbbecb1a66c9b6d8cb079380646bc228dce5f1bdbef4b089b241574a22c79eee3271a623cd05e7754ad83e19

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.6MB

MD5
2c8986ce6c1c5fcba4146f642e95d862

SHA1
a913254e6a9bd1db7825f9880a992f21a6827bd7

SHA256
07285fcc8e65f164c8897ebdb63dc44801dae28782a6b2ee5f3469c64952efd6

SHA512
a5b074ad394b75f2597007ca732f5e1b877fae483122332dbcaecfea0c6c52a658df8b5844e60280766fcd38333dfac3a259c159c405a83ea6b78691405203d5

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
5115ad2e73db8f2c00f9328c97469e0a

SHA1
552a24ab6bf961d84b1211f0b9d083c24c36781e

SHA256
19b8c6fa38f2fcc728acb3a110ab4bcdb49648440957a75ecc107c84f3eb7be3

SHA512
7ea61e22a4d036a690ed6fdb6fe05464c0430cc4811930815d6d7281f99c2895e7956b90ec255f59020da82c6f7ae32a9ac780e9d4464a05d4f680119a4ec739

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
5.6MB

MD5
8556c04c551d35d6a80ebaef4bde9af1

SHA1
158feb0ecf4a6c5cdd93169cdac4c8f10db6f85d

SHA256
7dd496d6acdc405576d42cb50956c203f7aa69080c65e587b1629f45d0b52ee7

SHA512
b29ec3d8833e96ec672ac7378b86bbcd3a9a306d01ae7acb143f68686fc7416a22cf09f315cbfad0e38aa2e7d8595df2584e38bd6d9b1f3173f7b1b7b49da227

Download Submit
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\LDPlayer\LDPlayer9\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\phones.data

Filesize
5KB

MD5
fdee6e3ccf8b61db774884ccb810c66f

SHA1
7a6b13a61cd3ad252387d110d9c25ced9897994d

SHA256
657fec32d9ce7b96986513645a48ddd047a5968d897c589fbc0fc9adb8c670f4

SHA512
f773f6fc22adadf048b9bfb03e4d6e119e8876412beb8517d999f4ed6a219e2ba50eded5308d361b6780792af9f699644e3a8b581a17d5a312f759d981f64512

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
642B

MD5
8b0fdb8e56eeb07cf0105658d0b19c07

SHA1
983a578a66e0ebb1974e3d0b5972398c03efbd55

SHA256
7c487ea71a8f2dabdcc89d46d66aa42e91014b7ad308edccefe014a1a645078c

SHA512
d54b0ee8e11e0742f621ad725dfe553eced5a783fe206fb26b172c6908e6bd7e8ce631e9aee88672edb90908b7f2b17a48e0b288199e00f62f340570a655dbc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
1KB

MD5
39b34e0919b97df1a00c4d68709689ee

SHA1
8b3b993d3213068c162a521c23eb3ff7b0516c5d

SHA256
4109bd672a9d5c1df4a6d5eae5430fdb32d55921aaa57c6ad9dddcdd35e888bd

SHA512
4035dd2fe8b6bc3d86b73e2be09f398c54f406f37d827f83a310b05ac72871e8b6175123b32a0386c69e8fe1180256e83f243a4cbe1080b4b79dc9f16c5bc55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4842B4543C789FC992419E09C95EDADE

Filesize
471B

MD5
adb538e79bf5474ae76103c6e7b180b3

SHA1
eb25c3d4a4912a76bdfdc1dcb0f5b8034ef22b5b

SHA256
e0a12840d187e669e75ad9d822359db4dc0959732e769ca0aa212090f8a03816

SHA512
ebbf9cf0e74e712d8e871789c5370e9be9101f955147d9e27ea10e827172b4be7f7df11053e61971c2df0368a77be7082862c9f97e17c766a2cbda299e91d62e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
9c044402bee1c8f02c0a474c6c460c89

SHA1
fa5dab5b45f0d7dd9cb722348ee819e92d81a71d

SHA256
3d0e7d6ab03cea894b7ab8ecca151db9f281a4f344c9a0618f8f6abdf10a9f43

SHA512
2aa6188465a6e97990ec25fa501eaf263d4d14f7cbbf884310851490638c6627aa49eceabe1b7e2a3314a5f89f1eb0a9dedfa015406afea10eaa4a7830743483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
acb18f0305720b5e11bbd143595a6cf4

SHA1
c3cd176466e1ffe46aee6129fcc13813c47067f0

SHA256
a2b62c7d605dc2344aa01939cc78b73d17680fa0802ecd668e390462da76260a

SHA512
e3f1bcd7dafdf4ecbd4d1887c7f0a9b2db57f8ab442585acea71b0598465dc0f153f8349f577cd69d39b315426edfae963f1714160cc41f544df11070902977f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
a685db4f18758e7d4ca7b0cf9717f30c

SHA1
de40d8c71bb903bf03f4c8e2581e62296765b992

SHA256
5e1e67fe029621d80b0bf19be1143b4b1ab782feddb2a46112bd9c6bdfe1d422

SHA512
a0220d1998cda88a663a6cec3de96a5cb95ee0ac7cd417130befc895aa49629b3e92e70de435811d8547592706e5226e27d52329ce9747dac2c511280d58cdf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4842B4543C789FC992419E09C95EDADE

Filesize
422B

MD5
f5ce0708f6ffa219d94b2391d284e5c5

SHA1
c92076ecadd6cef9df0d4a4a068f34a920bdbb1d

SHA256
d0a39d809ec94c375af91ad870c2a6c36303222fd8e43e540e39c489362123cb

SHA512
7fb7f28d265e0b6ad797324fe91fc6a3bd4b0b99730f9090f163e2a534bd7c9f54b4a3c7b3d365813bd6f78e22dbf0fed5bd16583ec2d68413627add5557f339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
8f5fe682614c2c0a58b80837ec682d4f

SHA1
e3657294c788a77bd34a388c1f6b954437b1c4b8

SHA256
9efe6504fc44bb10465d3f77605692826efd9339578110d835b253892c1c78b7

SHA512
846e843893abd73166ccb9d72c0851d6ff5862fc7c330d76ce19b1b234ba1b440ef6f485a70d4c361275d34b094dd30ee0877a75f41c0c9a3c641f6828aac977

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
c6a85a0da5dd80f352a8e924fc016f7e

SHA1
c5860ba67441e25d63941f91d58607844dc36548

SHA256
48363878e6450f20c9664b4ddca73fa6d73f57ee8987dec4e5cb126fa1697a5c

SHA512
9df119cd970de9bcc0c1decd2d3ac979b87e62eb199d8ba6855c0c6189faa0afc214ed0568d7663d8331155533002a3dce51021c0e46fc360e89e1641808b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee478f7c4d2926598847a63b220a6ef

SHA1
fea53168560635616d2056895ee7425121fd0c46

SHA256
f2af168c642988d69fe11a5aa64ba9a926cf64abb7784d138f2b5611705eb64c

SHA512
ee2de378f48994411795d4be064f1ecdace8d8fee9df49de89adc1bea70d0d2883bc599c60fe7af43c065aa7594242bd6ccbd8ad08748edb40fc370721547f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
32KB

MD5
7cc9b78226acb93f406eb1e4e17d4d5a

SHA1
8edf2712deade134ce6bd42fc8ee70eb68891656

SHA256
45afa895ac254a15f8928733b5c07204aee680dfc3f0b3a1e87da9430dd99ef7

SHA512
4dbd56f013826532e5ce24410fce357abeecec07e4d525cea627e911e96842ff0fa3a8848f8695a6476aef4c343601451a69d53e0469eb388e753956f94723cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
16KB

MD5
fceba656f5d1bebaf438f5ba3c25b4eb

SHA1
e1b97c2f9659f8cdea7e6e613e7248d4e43a7807

SHA256
62e64bc06197e88c89a678de3c7a4f5a927ad4327d03c1cc8ccd69a9a324a8e5

SHA512
60f75b9fd1e19e06adeea58e2fbe279dab5478361d81a4a69a1d104060eff7ad32ad78df34e7bb117d2578ce260c40ce307e150f584babcb3e0631bb6397291b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
24KB

MD5
b093a97cc0320dbfc47a8ebd5afc03d2

SHA1
7d3d0d78fc1dcdf2427b0f3111a78bdd9f3b01fd

SHA256
4fddd93b3d903de9c3646243a29d57b07b3a4dec2353d8707f3b4dc873cbb495

SHA512
edec8e02fbc8c6a661d401eb62f95d7b92593cd1a754aaaacdbd5ffb0d8ba4d6bee517de7830f9edcf33479f5a095169eb1781237b14c4bc265cf0fc5f52f315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
a7f18ced0b7ae5afc8646ad46af39dc1

SHA1
25b7bd51226f7684762b2ae2edea768086651cce

SHA256
d4f3edb3b631a952d95ee8135111be8de4b969581bffc465d1bdf7d92eecc38e

SHA512
cd03e35b0d75fd39343607ab487cf86420abad0c91ca6d9d4803ee942eccb3a5a6983a5f1bd7b0bd5f7921c61c05c18dd4ee6fe8621fc5f03fcdac9c53531dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
27KB

MD5
c09b23a10ce12c0122b6a3d52f576059

SHA1
e214c79ade2ab8e5ab7adaa200cfe982381cede5

SHA256
335edc4bb8a28505e6fd253fb1f147f7541de511336120e7908a5b3217bca362

SHA512
0a27a5f3a6fb52d6afc044cf568b17a737153569e914917418a800a53578ac8968031e6277b6fa3d00860469530ea5a0633f1ac0ef27476fed72094798b1e463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
0aaa843cc75c1de6f1fd7e2383f529f2

SHA1
05bf143b610623e1d1227d606c33fdb72248e2a2

SHA256
af7a9d0a1c78c09c3e88f25e9127d9fce4cd2279cc39c7a0a59f50f1ed723d2f

SHA512
10e5059da50646e5a046c8596e68f7a259a271317bf3b9adc1f75a41374834fe8af4ad24ece2e39c234743a9a8b1f9b970aff4239522db6d180729487d3ae0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
17KB

MD5
847c4e34c9162acf4b6857812cd3dc2d

SHA1
d4ee14a3794041fb661cb8d497684c3a30032f28

SHA256
bfd486b27ce892b5c77ca52d096a02020ebdc2b10615a53ab3dcf77079ae2b88

SHA512
2a9da1bb2e7010abc28a055f778e62a7282a9b215793bebd56ade2cced2dfeec6ea29b5d7a2c103e33fc7251ca608ffc5087375da3dddd3421e79337fa81644e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
31KB

MD5
463c66bf0cce1145ffff7de835f4fc88

SHA1
774e8b5bd5846d84d31447feb326d2956b85bef8

SHA256
91377045fb4c13198cd8ff977f0bbf17944de098cf56e1ff918821791dd3d125

SHA512
5053e0ef371b78d4a663961afd38a5f313a81d3de6190504976f177f83950a47b0ca8e5f0fa35ee46c213f5024bfe208872ff6359dc98816a7e10f8986d0df87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
28KB

MD5
b3696c85ce4fe13e866b19c3ddf0e9d1

SHA1
88b2b575ef4384cc467de6380de18c6ef4e74f5d

SHA256
e31460012085e6b435189f927ccd3ec225967583de62fd1a9f3dfbd080a38f69

SHA512
6d491b4611847d91db5fe7c54b829ba0ad98ff4aa04a213b3025125ce63bcd6f4b78ccc466bd66238d637359676085f4d6381331100ebfa5f4b34576bc1f146a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
26a16f9a9824edd9310e9f962bd28a22

SHA1
e96541a91a7ed2d3429d9e3383fc503594f4f206

SHA256
2caaec097618eb9a612eb5866d4a70672bc849dc75990127eb5f14f988fa200f

SHA512
2248fd3159d2becacbdde99bfb2c0e637cbbaaca2a779d6cbd8eeb6fa10345bd241bb3d86d1143e28efafebf066821aa7b304d67ef1667a6ccbd7426ad22113c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
26KB

MD5
720bd519a405ee75239ff7fda90fb5e7

SHA1
4e3124110ef8839c319779877aff02e3cd9a6a0f

SHA256
19e0a2c8a6b9437a392ddc3e4b00dc7df56117efd0ef307f747589979ccf5fb3

SHA512
af19f96c5d27c45c7367508c0a06c7d62b17f0969e4ae44a10072f0e8cf7afaf3480203ccf4198eb62e9e253a721751931511b5c1d8eb8d22405025d934befdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
107KB

MD5
3bc74639df80331b8c63d954891c5cd9

SHA1
e12f29236f5d010d81acb7e5f7d2e46546fd1390

SHA256
52dd8e76a1960b4977ba6b681aa1de8713670b82e0c31bcba818b298393e43b0

SHA512
c353d8e8ac7c4fc1d3c63ecc49e2f6f76676c0b5f0763c27ed6bb9cfe371980d2deed239b9ec73174c3b4c8be9c33c20054268c87d8dac5e6b136c7d413eaeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
52KB

MD5
a37c21834acf875f987017061a1f5dc7

SHA1
a9e1f1863e4e092ef3089584b7ed19ec0c08a459

SHA256
a9dfd4d97dfafb650b380db6454d2411197722c597d0056dad5640ed912dfebd

SHA512
ce65ceb255ea9bc11b25904bf04c7d4f038963217cba9a5a40a2e2698bed209f7a5ed80263773096601093fed902d4b96416838ec4d83df658cf0f37b5c4df2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
99KB

MD5
d56bf84ed510bf86de326294edb71c98

SHA1
45323e7e27949495a598322a3e841c260713eef9

SHA256
5ac1589d4d6900203435d3218c6e57ce57bdd3b84e370f23d3c58886d186d002

SHA512
84e6fca3aba175926460456053696dddb81bd59426fb6091587119310b8b0399edaf706afbf466b89f8f3e96b89d0ec4c2fac8753253c25a538dfb7c69989152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
144KB

MD5
3d08b50777cb09144f783a7c4b60f05f

SHA1
8b331215e137937df2e7a1a5510d45045791ec7d

SHA256
b86808398be8b24c7754d95771e30b93d0a5b17d61938a80215dbde01fc0f8dc

SHA512
a9d341d0f53c6f2a4a42366ad2b3be266353d630e47e195cce3e0706708af5a2627626846bf5d9e7b8d960dc90d1d8f43ed14642b9b74fdd8832662827a7628a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
32KB

MD5
5f8a8bd5063686245c5111f41ca52b4b

SHA1
a492db67699975073963a2fa8036e9fccada5b8e

SHA256
a701550f53168e8a43560a825d2b7c282c0da089507563c0cabb492c9bfe1477

SHA512
3bc82f505f57acd121086a23fad5658937f57c0edfd6451bd7113536dacfa8ecbd049fcf2dc3af2b7f46e3a074d7108454b9d6de4b331fe9edeb309080fa1fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
149KB

MD5
d09be58a72bdb5560a12ee3dbb295051

SHA1
21accfc81e9e30fb4230b83842581b48a5ae3f03

SHA256
c76a08c33980667b339cb138d6c20106ad05e46f53714a61051a866e7fbb6790

SHA512
9498246f3cb029039c3cbb3993515f09a039537462e382aa5fc078d850ee8226f45596ad51d31a1015a3cdc08740bb302ee52b8e1e1a3f4c78660480562c77ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
25KB

MD5
05e9679509b61424a07cc4d4efb7247f

SHA1
db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81

SHA256
31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b

SHA512
1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
59KB

MD5
ba491e2e6c0971ca7ccdfca2ea710a14

SHA1
a59b9e76bde33298b5ed10b58022acb9787ca913

SHA256
22e9deaade82309ff1cdec68d0b346af139d1bdc427ca132bef32839b9559b58

SHA512
7584086e15911ff5f91f53330c4a8f256cc9361ac901193d8cc1791a2b1f4d0cd06d0d195d4aa2f471ef613fdb5386673ebae89844a15e7f71101ec7abe6adc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
63KB

MD5
d7a3980a247e58fca9ee2480ac19a06d

SHA1
346f46878605bb801c80611f6127d69877006a2e

SHA256
3642cd09b6c978db6ba6dc86a7ba2403f800759603190fbec35c9871848f32bc

SHA512
9652349ed4811872008750733b9def3259045e7438c6eea928c149ec0bfb9a14e69f0f1f4202dc5b9b0e4af50c515aeefec546c0b145d37354b70bfb1943d089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
79KB

MD5
017c91c7dec7d33bd5018e29d076c87b

SHA1
f3db235117db557ec016ff711cd91f078cd5d712

SHA256
f89d185318666883d124ada5181b0f283517d7c579ea5158cfc41ac6af6839b8

SHA512
a12b0996270168da382531d6ad09b0c4c70fe492127ebb569d1a6d2f683a822ea1cf57a77aa08535f9fa7a2940e80211932abe9bf079677efcdfd7b072ac1c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
21KB

MD5
85f9dc7edef4f310dde46c383bc27cf2

SHA1
a68d77ce694c56e08e70c2bcc7f74c7c8fbf8e89

SHA256
eb2f8fdfe47c43875d6a9ecb49b8d9850f05cfb65efcfde2a06f8f75d78f0c60

SHA512
a35ce740c3cb691693501eadc5258632ce1e7993c3a6782ba148da0468347c69950903246208f44fdb06b9cf03e73a1c4aca4a324816aa717d1af693c11bb7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
20KB

MD5
9ab049e4fa2e057058b33715b6caeae5

SHA1
16958cdc71f415bdec24f1359e40f66c4960c767

SHA256
d147489e927ae1eacc5ab01c03e52653593dbc4bf7112c040ce26c370cb6b2d8

SHA512
efedf364b2601eb5e7369f5e2a2b359ac83908a1cd07bbc10e52b76bfccd3339bfa6f4cd5c9f55bf934f477a12da878f3de07971109fbaef341592ef6a62ae70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
28KB

MD5
02cfbf5207fcd1c772969bd4b7704e43

SHA1
33e6e71b99f7188bf05ac08c3f3e76816ebca283

SHA256
7468ee30e904e12f30bacbda5190219bc012332c12dfb2c30abd89fae4134d71

SHA512
6b6da5f44444a5285e8b7b562a0f3ac295d4f262713a2aff90236057a4100d11f6aeea6b11a7c9550a11c1bc9cc78f994c43aed6e1632485f5245db4b73748a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
20KB

MD5
f85a52738e1eecbbd780234b719227d8

SHA1
fcf516cf198dabbe8297ff497a7c56cb436aa950

SHA256
fd104379d8348961292f3730ea6a8663f5aa69e40294f399613d5b6370a9bccf

SHA512
b5b80abe111c8326cc336bd08b3354f7616a9fd0416009da64e608c86e94a9c38ddd92ae94c7e2f00df5c6485a43a302daa51672f671504c792dc6ff0e9276af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
54KB

MD5
b691b51b1a5d24c002fb603abe36fb21

SHA1
3a21e3d1b9ecbcb5f117fd164e427171525e9a4f

SHA256
176ef2ab365aa9d8fac616c3a36b9a16c47fa8e3fd96d01f4fc1780a904c8eaf

SHA512
54cb686e75e255ce02e2f07723f391355b101a78b982e7887a79f46a62cdf38425fbfd90f82cead0abb864cacf188b0b935d9f6dfe3307d208430a7f3cf82df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
105KB

MD5
bdf6442a5730d6707f6b7a0039169c49

SHA1
951be504c95970e8b4270f6de494aff028cda769

SHA256
7ed76e8cf3766c44a23ee8b00f3fa52729f680dad757a3699c7b2c977eadb24b

SHA512
9c4eaf50f214e21ba26c1b220a60b09adca6d24e6688b6c4c55c131c16508b30e47edc0ace928d048675f3e9c3611b8378912436bce379225719f5da27f8d240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
21KB

MD5
45e759049e30576b30d9e860a0855b2d

SHA1
9c48f3adefe58b1237555d9100fb3186d5058df0

SHA256
396dc4a81d0695a268b128c578bf19efde91769f7271513dd4218eea5448739a

SHA512
f5408be83ac10d42ad97f7dc0c3e6e42f62181d19fdfdf8d553c6cfa0de6664e11437b64bbfbb6582e81b1668925e9e3e3297a181ee8edd5c8a1dfb765cf6926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
72KB

MD5
6bc7319ce926b0c88e4f7b29585c4f1a

SHA1
55eae9f0b0f4b26062e235cc5fe8ee02f6d08458

SHA256
8738ca11cb7be6f64205aef10f50f9ec91cdded78127768e187e6d8c904b307e

SHA512
05740fc4a996db810a6151a5f6b11e4295512cfa0453feff27cce05442feb987826c57c543ca419cbb24e3a203707ac7585a5d012dcb6cc864332c07984ae89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
70KB

MD5
440e91f879c18dfae93b3a5505d15781

SHA1
eb2c46bee139f22666f4590a849d574f361a0165

SHA256
bfe0c1ee2af3242fbc522ebf337157b2e05a72c22e90ada6001df5b52ee3f97b

SHA512
1278ce6d2bb300b5ddbb83add031da79885a2059d776a7fbf28ae5b066099b26fd414c061ce85ea78d3cf94967d23f0e510199f2e202a26fa808c98098b3e37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
20KB

MD5
8be019693b8657fc17f2f01322bc1531

SHA1
e5781d30a284640fd4aef3ccdbc8d9be3cb451c3

SHA256
d3ade28bdb1c64522475ffa2ca99daf353e4b4068cc6f9e21b53ea93c131fc29

SHA512
7e929bfef99a21608f0e6b30a1e33c76c631d612a3d6ed21952c3ce2c0ce730296e77aac583190aada835206fcb64486553c7c05f09834154f8283437a73257d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
76KB

MD5
1fc88a7876d986f46478f6b0df7491b4

SHA1
5bf86ff8a2542740ecbae3726849e45e4eb100c9

SHA256
54cc86e353793c068c0c4e2f1fb32ffa39927f19421290d77aa23c721b30aa80

SHA512
45cb70cd2c2368b213fee07b6975475db37fd69ce96f179f9c23d8c21e79aeada3d2bec3d76ee32e21ad9e69537e6571cd172b9a95825706988d86b920954d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
50KB

MD5
06c9ab6d594419f5b69345e34a451cc2

SHA1
368b7f685017d3923f4b3d6add65364a73ff0761

SHA256
816f7de3d7ef1f8d9be4b4b5f4a781ad48fe09f43ca42d621593b72710fcd8f8

SHA512
856b7d02d524f9ee6e1e1f38e2964029e754adbb5185ce4015a8503e2f86383431777e900c4fd27d4a8eaa9aa5e641fcc9869d21932ab5bfddd137dfaceefd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
58KB

MD5
93f887e264ec3627af6ba75b68982bda

SHA1
a7fc5b4ecef3244125d915450860b86004039204

SHA256
966e9437603431a9aec3ad7948edb2577095ae70703e76d599645dc025c93c6a

SHA512
e0420315055e1897b76c3bf1d2e660d7c25bee9048861ce9b94b0b7c2cf5b46fbeca2f24140043d2bb5e1cb82c75eb46d79dda75155b17b24c0fc7ef67bd0403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
46KB

MD5
261353b3a32cf4b1470a8a3de37f9af0

SHA1
08bba5d1eab6325e6d4c953490083de2d682b0ab

SHA256
ff5456fa0c25a19bcec37661f4215f9d52a8393492ce38ed4ea62c4c7f97a54d

SHA512
e5b853383e3ccdcdc4264abbc1fe1d201e18584345dc1d95bab22c967ccfa8ae6680326c62016d658adb746b5f57e2f861ed12b4e989176c4cabb91fd1172adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
58KB

MD5
d42d60e37c1b214ab2784d793446f399

SHA1
61ec7aac89534486f46a6799277df0aed37675bf

SHA256
217640354e2a16fde6018bb35afc51ca7c71e36135cede50cfdf960cebae49c6

SHA512
7029718612fcb7f1722611bdaf5df0776e1c03ef34fd26b016fcbbbdd33cc83baf3e05c2b66fdc3929c1e14631cccc16b8d895338210cac0554144d364dc9f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
28KB

MD5
15280573a66612e76df1d7d005417669

SHA1
1b59ad1765ca911ec649e9590d8d5507492fb2eb

SHA256
913f2aade2e21aefeb51c6c2bd7cca2dd8bb78c6c57b176ee6fcbc08bb22b59a

SHA512
435b8fa0ace07a8d6c35ea6215504d05c79ea70539c114cccf06d55926ad7ddd63d27d5c4be7768e5c271c9e1a069edeac1fe2f630db757865bf1bf95903d638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
59KB

MD5
2ed4c2e0b8238942253b3f0821db30a7

SHA1
7a952d7ab73ead43f799dddd46ec3423a6e36872

SHA256
78683e7d21b432464b97de404312be9a165a5fd2dc1217333b3357951822bf1e

SHA512
33d48731e1bdf761b4a0c524012a4ba82d3efb97ef9c97dc564aef719e3ef57b70c3537b6f473cdf1ee63394d184e4821c4ac2f42a658f583be0e501e790a281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
90KB

MD5
58fc3cef862ea978d3d9afcbd4ca0acd

SHA1
caa721a7ca3733aad7afe927eb0245293348daef

SHA256
cd879aff5f2dc3b52d21eacbc9e65e1537d4e98172719154ed2f5ff22ee2c58f

SHA512
45b0524f8b74a6f4be64d973894bb97ba52f7f38b9d644bdcba1a1c6ef5c02bad3ca543a3458d2632cf9aeb7ebed1e6e250264bfbb2b2e14e8f8fdec088936b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
56KB

MD5
d1c54f0bfe04d145e3b373d5e712a8de

SHA1
e97bd662dc9f114b3f2ce519e93f7f33c123cc17

SHA256
bf8d1df74ce4b99d64c8543ce015256445c5b48511f62db41c2f6ebed67ce0af

SHA512
7b9922813b6dddee99ed398fb1e90411a56088a7deb7854a5aa971d3065de83723586861a38db0bd2f506fd14300f3333d545ba386b1fc2b80d040635358cfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
67KB

MD5
77784f90143bb5f800ef33bd9d20cfbe

SHA1
73610e8b8180fa8ee5b0d055b4d6545cdc42cfe0

SHA256
fd6b6dbf731b32ace2c6573acbd89aebb66db1e0a62f316e70a0596b60cd3eb7

SHA512
0e7b464ca528a6a57bb09fdfde7a94f76aed77e51472a0599064439d8aff141f51aa057bb8b715141dc894b15b4d48a9b32e7e1e61122b0e6ff7f9e4ca9a176b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
46KB

MD5
9d23cf9c7da46d3c428c0c48824392e5

SHA1
ed158af9f6086cd8d889280a8a3e5bc87004dc3f

SHA256
e0339b1c0b40b8537fd72bb130d7d0be9af2e6f4ec92e8e3fd8f983ee6ec49cf

SHA512
3a452adbaca8da62f1152abc8031509f5365f8b8f8c7b821406f528ce9d9f6b7abddc606b5518ce66c39ba943ce349a89a59ad1cf1d31d6fb796e815417f43fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
43KB

MD5
d0aaaa5b29d971841f086e7aba0a7214

SHA1
3d6160ec4828a73d1215aa436c5b05460cd1dca1

SHA256
eab77baf66ec4914c332e6e997aed20cdeb0888d7d56824cd901d7c7cfb6a990

SHA512
b40508842a3224a30afe8db6320d6aab76477d5cb809970a76dc25b0a67d064cbe55605e4eb8a2089d3421c4e9230c15ac8c1edfeca620e0f95c5ee59879e983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
48KB

MD5
08cb8012cf928aadaa2a4fbedf87a1ca

SHA1
0be86526a97535722fb9e99ba7c5d599ed0c11b9

SHA256
427946bf22d06337d3dafc69652bc37d2250d89df1e91fe952f2b2fbb7487b5b

SHA512
2a1b094e1bee7995c322785ba9ca2678789d4f524e5fa2519baa4f1164c2cfafd2dea04f5a19d82d3b29fddd81ee269cfc561f16e61ead62843fd2ad3af48e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
40KB

MD5
4f65475b543806066e5fe91e8018cd15

SHA1
35e4b7c1b5a48ed465553b36d2b0fbe4ac04026a

SHA256
bed9a0d523cc55b04993699ffead2b4a187d90885ec85a546c3b3a319374f1b9

SHA512
235cae04e1d7f8748eb32b766f3b45bb21f9befd7444f5048aa1789bea49127737455df3f1dab057b446a0a4d81ba95a1d4af92c55b686da2bb859ce11b9f730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
46KB

MD5
f9b2e519a4981da8ff899a4ddf145350

SHA1
3c3338e5b34fa7d94a29f2848a97678713a38632

SHA256
251f83dc07e5c784516dbd2830695ed7e893118e53528dabddb56263a4836d48

SHA512
c036e54c3fbb081070bd680d3a2b2a58d1ae0cbfe8382b23f7fa5e97bce77050d99a350feadc6ee721c92a2f6bd8f803d2abe3c89b1e431641f2152b7bbb35fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
43KB

MD5
edca36530bf4806ab1b8b9d61ec6be68

SHA1
b27bd32e3cbb9b81279828897e4b6c8dbff8240d

SHA256
421d3ef8606f5dd3972a9e831fff636e2ddc3510447e4014d331e7a547a8d5f5

SHA512
6ba2031f974dcfa2cc127031a63afe0a4cfbae967acfafaab4678e5d82be26b625ef26496144015413d40d61b0de8ed52ea3dfcdf59f480a8b7814d2773e0a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
53KB

MD5
2e2c1bde784e040a860fb8c1cd7fb42f

SHA1
486a224fd33fe43db223120c518a3d8364da8822

SHA256
aff5b22be67a31603c60ac3375429fc29b5ef67720bb2f69537d3d9cf30b7e92

SHA512
f065c6efa4a53b7b07d8e2d2e8291f555dee6ee4617b7378ee2bf0cee19d00131aad563aa2d00219533a0ed55dcfba7894525ffb567e8206a32f3f3d730d3af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
43KB

MD5
d66f3d17b0d81941b8c44d03824fc196

SHA1
67432f982f98be568174f0c2f0e1174891f66d6a

SHA256
6b89f93f4623a52404dd5d9d288e695143b890a2f92e8532df61e23d3a4b6fb0

SHA512
790890305e9d8bc912d4d20452fdd702c2a04d086641bbc22a7c48601105f6ff70a3e6a7abde0fab9095ffafefd65312183b37ff127e1729cc8b4f6f1ead4a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
56KB

MD5
bc13d8adb446350d9aed713c95e4c8cc

SHA1
3827c80d8b62890cf8ec6ccd2127d878033ba238

SHA256
1ca653e02c5dbbba96c76dbdf456feb956934cbbc200efbf811978dde504215e

SHA512
3d78349b7723d391dc750934b14edd9f67e530bc7cbc2eb86630a1e42523a440878a331b24a405faff6ea84407f73e830b30675ca6cb3c38e6941e6cb3ac0836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
18KB

MD5
e3df2740f818221436e137d8bfdae868

SHA1
395f243cb510f37a196912592082b73e5e366652

SHA256
243ba249fed21b82626b93e7db32e35ae6668f566a2bcc5518c53ebf0464603f

SHA512
75b76976920f060aa37d6985693a90d3da8214ab2d61afa88854a005e7629b1b1ba4bf48572f3b350c7ce9ad7899f972bdbace8b38a11d827348ca6053f38eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
32KB

MD5
33fff7fb6a016023c955ee8b15e6555b

SHA1
cc9bb7c769f9a4bc6153e49e71ce6992cd053401

SHA256
63bbca6e2eff30a0dd9170127b02028449a9156c53787478bf96b907bab1875b

SHA512
590a5900b0e8729c09137aeae9a15e92058efaf23028ff46a8354edeacba748ad95037d84ff27dc3f035c23d219a1f91034efcffc7aaa6278b280a18198ae40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
99KB

MD5
dec2a0cb677a0fe85d2345f2c4010e23

SHA1
5cd29a3cc511723bf1d6cf094d71a69341f8ed1b

SHA256
e9948dc53981c2e67f3f0891c587a3a12d54a716079698322787c2269749622a

SHA512
485f8c738acbb3cb7bfe3e9ba43d842589d3de5dee3d5fa7e34e387594a4ad715c1f1d0f855231962c224145cfe3134c1608bba114faa11c385bf323ecbc2eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
20KB

MD5
e3640d28634e7c8c27f09920f8d30443

SHA1
acba6bb1a62fb3423714867e30eb2f9e03e7ecba

SHA256
8f72fc5cffe8037763c84c3b2acd5184b76da7886c202d5cf91502d0efad87f4

SHA512
4c54ad3cc2a0c8baed63d1bbbce14a93cdbbe2543e56365be9ead77c8aac6450afa346357b9aecf61647c6e133e4bd76efa80abe60b80721ad1f6046ceb10a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
99KB

MD5
93f164f02f35413cd18b62fff68c927b

SHA1
5b75bc9309a8f9cfef3ec665daf7928d884bc7df

SHA256
59255d7cc302c80dedf52b359d128d87b558017a0713d433e3dd62e2e3f14e40

SHA512
6dec39ed6b98439a8345ab7eaa55c3bcc0425b60f18d3ec79da51f9b13d45bfec0b53f8ae7f658161ab10a7ef56a74c3ebf1eba0b712ef3771b478765fb3e3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
94KB

MD5
320ce50eb2ce85d2acadc19f9ca2fd39

SHA1
f2ea41e7927f5ef214be2a1bf0a887303d2d8126

SHA256
8ea4111b6c23dcbefa4c08261a56ace2a2a9d443f4e3e22707c5d69ce376d456

SHA512
0e05f229296839ec289e685ac8f7b4b32c5d67903b9ad4666fe453c0aef5cdaa37315d5528bd53ab925a54b80eee8ce9dff8bdb5e9218ff3131c0a19920aeef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07aad75a0a1501aa_0

Filesize
5KB

MD5
1c263bb9970e21b1c32574e3ef3aa7d1

SHA1
fcd9c6c66f5ad975d0a549d1c451a3c048fe5bf1

SHA256
fd1e652d6dba5a22b447df6d7e77eb3df822c0629ff0efd566ef14adcca9907d

SHA512
dd490b89f1788b1b8137bf28b4f3f183965792944f36c1e0c81ef0d5d8d28320e2dee901b7d99cd376f73b97e3d7eb24be4b31345e21176c4ef50bf3dd537d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a281bacd0dd4c5b_0

Filesize
390KB

MD5
33379625f8aa4b85a40eee2bddc471d9

SHA1
be8a5b76e8ba9fd6159127865cbd56d4dba4eb9d

SHA256
2099abef5cd45fd087a97b86d0e6bda5b6a5bcb1e7e62ec43a9887ab1ec6a6f2

SHA512
d6ffdc453d1e603c098326f87b19c9023f53334b5ac93a72926754c800ec99acd55389420e23893386017725f14bd51449f870262829d3efb617a9d3a403645b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e8379f36e558e70_0

Filesize
309KB

MD5
be2a48a4b4a22eb4f1d11fcf1f60957b

SHA1
7d8bc559273419d14d861bcd8db2d0ecb3906665

SHA256
a763ce814b152348e24c1aac9f109cd6d9dd687c5125ce0313398972579c05b7

SHA512
c559397ddc3b115376f11949b82401b09a4a1599059e6da8be4ce9331459bae0c0ba8c5eaed7dda5f037efb4189e846c039f3c86fbd37a3e9125e27ce836bd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23051a30be234785_0

Filesize
1KB

MD5
d2a86e3df29b816d39d7987ef1665593

SHA1
c12f7261172736c8cb3bc2f8ba3d630ef8557920

SHA256
9eba42b5a062387c2a7f365a1f0e2f3d14810b1b82feca2f11607a24a4ed54bd

SHA512
3f90fc797e31913f35d8b217c69774e865797957a55eb63fe23aa8ab52abd311f3b1e661e0c5f095e50a759020bd592ee59f8ffda11d6dfc5622ad69ed1f8c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2baae1ee43ba2c11_0

Filesize
120KB

MD5
8a6ff41da704060bbaa0c8d7986befec

SHA1
3fbd1aedd0932a1af1e902a142117ff3e6fdd5aa

SHA256
412ed150e02bc2bf1350f9748ad06feaf6592ddbaf6290ddeaa5202f7a000806

SHA512
996d0f80fb7848db0f7c153f4fd2e8388b63cdc65cc68bfd4f0605c4f7b7b1e5ae124fcbcc477fa1c97daa279167d458973af24d09bb930d87f3e8a3c2022d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3355c555ad5e31aa_0

Filesize
24KB

MD5
f14a66e0d6720b61c9be1bd3978a3d45

SHA1
b8e3043ab03b7a1c0833e49256e4e4df225e9d38

SHA256
179c32f2f01e05066f8834ef2d0dee98fb97ad4919835bdf36eb94ed1b9a69c6

SHA512
ce5b2c478885a4565f50827303844401487b5ed5caaae8e0c577e4af2ba3d16f3d98f3182fa7f85a0c25bf763b98a70401a87575457157ff61d26e7cd7a81c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

Filesize
270B

MD5
cb494134eb4638cb0b0aea3365eb81c6

SHA1
44fa44f4a8e0c41a98f312cec2e3856c05faef21

SHA256
f7622ab89bc1e2954828ff0e9d71241583f63d62dc7479e2c730d40e6abd2e49

SHA512
51d4a0a9784101f14e237b11a21e9176ec6fba3b9bf19b9ce82eca32734d0d0d881186ccef5b92eeef58fbce9704c655d883c9d0395f5bacf71d5c5234571175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5bee23d187f0ee69_0

Filesize
82KB

MD5
d05109a1281cac85fadce769ff4edae8

SHA1
77e2ca03555799d0bbe79220e63a8c4a7f0d10c6

SHA256
821b3326164e5da50a4b933a27f1838881b57506c749c22391b1977f5c9d5d86

SHA512
f35fb91e4288aee54f2104be3d911bb12c172a10612a85a8b68ca585c75c0c88ebf5f0208b2bbaebcb826bf689d076aa9e4628f9e1edaf4e24ab3a0d54cefbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

Filesize
43KB

MD5
c1e13236a1c1531a01bd1c4c20d345bc

SHA1
f71c730fc018d90e190f3bdc3d7b7e181f634f77

SHA256
cbba6986463b14de1e413b5845af954e97d2b2723d4b30d45090395843412289

SHA512
2d9bf9873d4af7c6e9b7a8ce035abc5e799c52d56b292ab75dc236788a493e9309f21635776b450652fb7f60ab156b41f7076377ac79a81427f001a056ae9205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\689471a49c9589a5_0

Filesize
26KB

MD5
1665e98d153b3238db1a9e2981bf82cf

SHA1
497ccf834b827564195ef978479a6ea330fc5a50

SHA256
c6998ce7e1db4c45d7676a4390f445d529eb52ef61e563848865f7917606b230

SHA512
a9cd7184a5da7eadc0e1d6e647f0f44cd20a8cbd0284598860c692c5b44222a7136420a11609be2d66f27c854ea5e185002d6377e2936e59b28fabf6d420c027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69a72fe97d695c20_0

Filesize
267B

MD5
5f2fb9a55e622ce404f9119af459e424

SHA1
37063ffec92e884f61336aeb8dacd788a992ce12

SHA256
95d87abf427538127ee99c19572612aadd909088740ae6df7a16aa62fe115c52

SHA512
d0388e0987b8167e78e9d7baec4b748f2acb38c39157286f5442041256c8a9674a524f8fbee81eefb8366c81217f7bd9906e8a64a041016be3b6d22c48454088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69ca28ec07c7f2ad_0

Filesize
32KB

MD5
95c10be68f89f468ddff8c019754fa7b

SHA1
1b5d114ef8a81beeacd810df3895020348c4670f

SHA256
47312b078d13caf4892eaa2df5896e7e3e9140a0fe2c7c32b72b2cbe27155d2a

SHA512
66aa6c6942fc210fc3df9cd028ad111efeb7d1fe8d7b26eec19f55de3c061f83f1be0aa2e00cd7d8f07750236989cfc8ee7459c45b093378e0aa3f48963bc008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

Filesize
275B

MD5
4cd597be62e9de9ac797b5edfd7abfd2

SHA1
a21d8703505e7a59161fdd88b901c76f5f269429

SHA256
0c2f18012c76cdb2aa2001dc4e1b0e2b001621079669be4d9d538ccfe3e45f8e

SHA512
ebda475eb6dee9f107bf408bbf0a63928a50c92742070d7e10ad8e31753792fca162908c7234f83e39967b9553c72309636abaa8778a6950d6e5ad5877270b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80dcef9b8327356b_0

Filesize
3KB

MD5
18591448777f340a7e3eeefc04c2392d

SHA1
d5ebc3136d0d5ed672e0a75026d4878b4c8d9403

SHA256
42ef3f6bfa8f4eb3bbb963f35783df301beef653e1e316488a2f7ae39cbbb9f4

SHA512
f93a8286e30d3f9307993814590090f460d8ea40597e7daf51ccd94e88d76e084ae47e42b9349bc6a61a31ad988291f6086c0f7df0a1bb1848b62b06fd617834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0

Filesize
251B

MD5
6347f652a036ab0f9ac06e1be962407e

SHA1
db617c547b43c186901ac4df74f79ab89f8ca5f0

SHA256
cef0244e86008b3a8e33f5b13a4eb872513d4b388ed3d2953bc53536c3dde1d6

SHA512
989fdc9abf286d9d1c471fd2a9c1a8b59d15c4fed38ae220db524079a21541726e87fd9fc40131b7a346f283ba1738ab3f2ed4e26cf16bad2ad89e189966f1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\898442a80c318224_0

Filesize
89KB

MD5
461a4868711c7ced6685c1f55d1ff048

SHA1
c1ce8d2e341bcfe46def0f69a0bfc9ef79c89ab0

SHA256
729430aa5af1dd4260e426a98027fcb3240f6576116a67ed81599b2d4d1bdecd

SHA512
bdbe8aaccb7e8ebae0c8d1ccae8c0b734047bdc0105d598f3dfa74d01bdabd699b77a08009c0d4dcd66fb3ece7ed2f3a500b8ddd4ff0516004635c9c0af3f84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

Filesize
30KB

MD5
cfafb8233818de5eb759d0358b1a3b64

SHA1
b459ab00789d8bf9024e7988c2bcdd593156f27a

SHA256
94ac3121fabe195f52bb6419ba1abcebca27ebcdda7f38f33310f9241916a739

SHA512
4911e0a30792e90ef07c43750961d15d99dad99dc63d4abe90d22a7620027811cbc6f9ff5d1376bd65fd50be9f3cf356280b68e2d9f186d53f1555b71c468a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0bc984e8a46d1be_0

Filesize
176KB

MD5
3277f09f469a6cbf430942a956ce51fd

SHA1
388afea1c3eb5c24258fb95771ba739be7f39cb2

SHA256
2d5fde72409a4f75f275f3545a1b4c206f47340a4189ac4eb9bd1ad1e425e0fc

SHA512
5e169818c86c71206e9a144f8486beed6388704c49f5db6a4b63fdbe25b1ac97c7f68d41f55c7f6d6d6ca53c0ad318e78a46ea80bc7de1e3df5d90c34631c677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

Filesize
250B

MD5
b6ce723d5d5a3d8aa6f219ba1be69b0c

SHA1
a634f951758fd1d1f28109b7c161c7b79f005032

SHA256
102fc193e1591efe96bef9a482e5afe351940c80cb0ae87e80e443e3dfce4a66

SHA512
882300649136478df9a573025f1a660eeafc65aae33060268c90d51ce78e3037decf44c76d0134aa951af8f8dc198af2f4e33082cd7243a5b59995a74bbb9e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa03da912284028b_0

Filesize
102KB

MD5
3c082b43a156802652cea2c1d47eee6a

SHA1
d494a3954063a634cdbb16c66fa9c0c2877d28bd

SHA256
55d3ad833c76b8657785434149247e1ca88cde18959d282668ac6909db6a2502

SHA512
4b20a53616d4de17315ab4d0b57b43184a480ba2365c123982ef7f39810020333caa9cdca7d908cabdaf831c933f07ef365a5d082d6669077b504409cf7ce1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6420cdc5d06ef27_0

Filesize
3KB

MD5
757659a37e362e940ea868c4e161623e

SHA1
7da73d9f70280fa6ae36918465b9ac7d1c7529dc

SHA256
aed6f82f4a7f9527ffcd96485c9874622d058ca21a890c5dc750dd5fbd48e130

SHA512
a2c2ad18941d8fc5d0148b65acbfb69a63a859717435ae33164f87c66bd669870bf7a4ef6905ba0e4e846640d4e63031fa30614bd7a4ad50a52f07a28669607b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bafe65b6b02f20f7_0

Filesize
322B

MD5
90b72a7466f491babe7eddf463c04a00

SHA1
f04362b3191492a7ae58e36d3cc809746c760ee5

SHA256
fc779ddb4a42acff99fcb0e9853f07d70e2932b3724cdb0736735be3d6eeb069

SHA512
ac4f0fc38ab0e743908788646e1bff5d312224c414763793aae6bf4d7828ea514564d789ac1559de170cca7badede4e8d86fbe371a17d6a47a9d201d8563b062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

Filesize
279B

MD5
4e837d79f5ca5c4f8623fb269be10333

SHA1
8cd67e48798ca98fcbd4439399b9df9b0c973a9e

SHA256
c7b519697385f3e0f6751502d064034d053dd96897d6663066050946891c5b8b

SHA512
bae7d4c541b1ebfa6956c6ddcd1b68cd44987f6d504cee5c287958b370c9b54dff1baae420a84bb14bf6ef2ead04c81e85ca29fb8b453b0e52c1333eaceb169d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf3fc8ce1a143568_0

Filesize
267B

MD5
302f0abf30cffaa6e9078f64e766c16b

SHA1
7a72757e41a8bca77987ef4a02b3b9ebd9b7982a

SHA256
6723cf28fd75354543e211e862bf2059532a2275dc1035a0b38d16221e0fb92e

SHA512
6d6b7b5b5a05605b30ae87553fa10bd8fab1d15e9cd51b8c372ddfd2647c837215648ec29f98120a83bd287242cf00f808ae4b80eff52b163b4648048c667e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce03f86b39affb26_0

Filesize
2KB

MD5
ae0de6fc55fe0a114c8ff5f2d8a13768

SHA1
fcc2cd5b018a01850975b88c9170528d4d417939

SHA256
5bac3d1e199ca555c8363027c48660695a4a3bec9e5e903bd2a9835a724bba39

SHA512
6c2ee8a2b3104158c7c228af0462025a631ae1cbfbd6d693e95a8595ac70d540dfe87c52b9995776ed72938b7c003f3d9a47d9ecd475dab29a8fa13e800cac60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cedbcacb50cc047b_0

Filesize
266B

MD5
727384bc0834cd0b23c92eeb9357ed57

SHA1
e26411b4dda84b791a0f0cdf7ffbbe90eb3d408a

SHA256
4041f56dcfd0d0bec741d101cbdc67dcdcfb25e7bbaf48aff5f8a6ddda54502b

SHA512
4ead554ebd94361b0397299a1edece74310cdc7cedaa7cd12cb92668d2bb12998ad16260be7e1c0cbc9ac3c1e5241b190525318b0d232c82aeb92459c6f0decc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d42473888a894f5a_0

Filesize
279KB

MD5
8b68a318db61023eef7e6325183eda16

SHA1
2a499513e256934868d493ed9ac1d981a19b269f

SHA256
72f9861f08ef4876f8c0974f5df75834857b351875f2703897513f801897b5c2

SHA512
aaf0adb65d38c5009b0f3635ff94663f210e02f1b914b4ca5a9442a90fbf8dcb08135e21ca1effc7b35175c0e403ebcd06108b33029609082269bce609500027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dcef81c5629f763e_0

Filesize
55KB

MD5
9c757f47761b215320eddf0a0bda880e

SHA1
934bfd2ec35454f4adc62487bdf8a89de956f622

SHA256
05636387a525cea501d5e162b1185d595eb3302d08470b5bdf908ca550396c15

SHA512
37b9eb93aa52168626836ea69fb763ca38e477c0709d2f7cfca022e0259849f235e459219a1eb14958b47266cdd333261c6431d8489883e71623c4386d7d081e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df8d557976c618c2_0

Filesize
67KB

MD5
f10e8cdb6ce5deb9dc8440ec2172fa98

SHA1
f2f241b18072ca2e2e382b8edf5c2697ee2ffa91

SHA256
479680cb424b578959864c0b5046ad8362d99169daa0e7f7cc23aa0b3442d312

SHA512
ef820a4fede84372d319e6820c2fc1515560879e08ed00aa8068c85b23b6a46dc5578bbb4f9412895cb2126c02575615e76a71c53a48178525fadcc07139f12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

Filesize
62KB

MD5
74ef69413f509540c22b6fc30b97e339

SHA1
484d124c802f5ecdd5a8c2a55348dd5b8e05420a

SHA256
c91b5958fad107906338933944e6e31e34bc0ef5b9e592ed20410c0523a60445

SHA512
964f164e08d36100bac35fe450244bb7fad8c46bb1ce958406257343242fdb2c323fa16f3d30f90257c5e31e53ab104b5c29468c6831407e6021b1c2bb304581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0

Filesize
10KB

MD5
10bc97bc261dc20a72a05b8f7c040b10

SHA1
b72bc13ca9d25e259f32fc0b1a0683e4a840e7c4

SHA256
583db6e2887f9ec4f384ee97c28f83385bd4420f0e246ce2f6b8ecb93b18938e

SHA512
9085a183e8aad4d7eec58f3fe39bf03bf31863b7ce157a8da2212575e7bda2fef0d353c9ea9857406438d927bfa35400d5766a9d531c0fba690ffc32cfb8ffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa115172bcfa9518_0

Filesize
55KB

MD5
1dba17af2fce11e277f6eb4503547eb4

SHA1
419148fe28e03b24d3977960155086a4e03b2eb6

SHA256
69694482ce22bfd715dde5b2b7f97ebbb0b18e544858f07e8ce1305bffb71da3

SHA512
c92d66ecd654c4734250551803c9c671521a40cb8c9ff8a55cc4f08413df071102db0ab01d14d922ea6e8213780388163fc8187922a3a5c319f05757a17b7365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb7d4e00c2a87847_0

Filesize
9KB

MD5
854564ff14e6d7459ded8c2da08d0a21

SHA1
84846ff775b2dba4eab785277c7f924ea00544b7

SHA256
7372ab4f4cc2632bd6739c1410e2ea91559a81f7b8636361be4ef91f5f155320

SHA512
1203766ff96407a8472d4960f20d40ef127c54ff74b1c8279cfaf0c2c54243ac55cd81bceec15f946bd21f103d1504049f535bad4e8b4a417c7964f3f6ee72b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1cd5c87e4e08bad594cf1aa7aec34223

SHA1
662afa084797d4d0368fe9f0784733f5bef27981

SHA256
3e486e8d185378b7aba09e8f8e702d794cd312390aefc59636bd6fc53fd1ba88

SHA512
fa55df0057ab73c35ae4cccdaf675c9469879c1d1a68edf22b234941bb90999c5b51c77273301e197ab90fadcd126d2f257fb6386c5b93fc23b7d4a2a7f134fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
02f4585c95e4e35bfa98fc6ed5219a5f

SHA1
b8e2c7abe77e1967e85de4e40a80247385c26565

SHA256
4746e0b7cbf9956fc1fdb3968a1d893cafe949ae4f9d5d6f406e28bc1754e114

SHA512
9f5071bc52e2e71d5cc72acac3a3448b2bc683f2ebd7acbdfbd240376099762977994c6ad5c1d5e4141fa3a48335f7640bcd47ed25a6d47cd8df23dfc3e9d2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c2e8d67b0a87482580766594ad4859ee

SHA1
c28c93c70a97fa9002216b15d212afa68bbe01da

SHA256
5efb7a4a938d81ce9e0a0d559422d4057e2b12f86b7da63267dd25c69973ba3d

SHA512
39a08b1a60ee1a4e816c828cfd8a1f8be38733831c4377ae6b5b88ccc9192870d141b3610a2dd7e78cc9a4f16c23c8a54c998e88f214c51bf9d00c28a02e83dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d9d6d0348f1680dc1dec8c3dbef570d2

SHA1
eb8a885aae9ab3a0b85054c48ea0faa0c24acae9

SHA256
83aa4dd2c50c9b04f612cb87827a533eae968bd95875a48e71d5b5ec8cf46790

SHA512
0ea74292bc0f47b50909534908a705a2e3f252f47eb864a93a25cc8242791042a02736dd7ad396fcb5d6d965241f268e33c0b27d023c573d019516dab97fe390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a18534ec08704aa92c9d0b43256b9c3f

SHA1
1ae1e2f871f621211683d583dec74925dfd917dc

SHA256
cccc13111d3cb544e7149d44a21889a72607ae6b8183fde30b8a8dedfb7a6a6f

SHA512
b7f4621a92d74bb1165d9ee1c71cfc2230f64e8ea089129c832d47bd94d49409ffff82332207f1cbf5ce92a17c9f5262031a36c5bef75cb994588b73ca0dcc00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
227dc71197843c471a41e4491221bbc8

SHA1
243360c784d04c5db4a30ebfecd482abbfab996f

SHA256
fa58e2c10c660980de07fc999bf249aa69149d864f74f963717df50f30cfe06d

SHA512
487b1954f6981c822bc87b867924ed7db04adda991c5359c8fc4ac0ade3f92244dea0b896a3db1e15097a5effe59c2570b7ac60913911827618fedd44cb17601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
e9c734eeb415ce783f8f3cf1291305eb

SHA1
aef585c038ff319baf0bf046d252743b3e505219

SHA256
2f54829ea72778e13369e7a3129abef46f3586fb919ce66a8a314cad5faccd13

SHA512
cfc5b8c399ade5876b823a1e9e4a9da4e7656ddf603d859a117810c11caa73e91890eed763513410e36a72df3ac1f77a186a6a9906d8516f7b46cedb8ed68f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
d3ad398342d65722a0d2b6b58b63b927

SHA1
ebe669d3e020dbdc29393cd514031d30f040c53b

SHA256
fc19d361815881cf848581e89acf6c81da903be8ce26966780f598130c3bd786

SHA512
bb9b9d0ffffd570b9eb5ba2ae491985790c0667398f96e2bcd14ecef167cd8ef9df523f4da0cc3018b3681397261622da4d943292380e7d732a855cc17bf838a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a090.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fa413a69b174ff6109a49309a498324

SHA1
c85d4ce841624ed0ffa40b350873f44496f7d48b

SHA256
9e7a1a30d77472502343ade6de0d9316355c35cc6fe1198896c562570ce59887

SHA512
87b8bcd841ca470ffcfc23d1d03bccda14d139eb30675e55f81b885a2ceea713b8ed717dc16c4398d740a0654fe0b5156f59c098947245834e3dc23b57c1d01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
19e16c9720d7f0b1d3c89625b2f93698

SHA1
727cfc64f10eb193fef1e2c677afd1c0c2b9981e

SHA256
de0ca6f285e446a61dd9a804bf463cd60a8cdea4da2d6969c53ee3625c1ef4d1

SHA512
a2996c6ca3a084502fe7b7cea3642b8d4bd0c5321c28f3a4f74c8af06b8553927fc656fb9953c2a8f5102cd9335a4765bb91b0ce1a25936328e0c06365484b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
92b1f13348b82e98ef38b12ed48972f9

SHA1
0717a7c9931f55461563cf373ebcbaf655643bbb

SHA256
61aa1ee6b68181a171c45aa77ca68bbb222659e033942753346c6186e4e4878b

SHA512
022b7dbe3a92d6996a9c61e66db03f024a22176df179965e663f95c4b7a81d3687515dc9b4e77b29a9934ba3a30e34c202904917eb05149c59aabd3adca265df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
8c9887c4367467fcf4bc8bd78a1813e3

SHA1
872a8408ff172d92bfd49e233e624c33c62fc189

SHA256
eb178cb9352d9d39c0f2ba5ac1cc5b0c2bf09b79bce583bc0b91a1fe97133aee

SHA512
735c2c927d01d0d31783450ae042e6428abf607f941d8f125df337a31bb15094a891cbb4c60f010ba1b36e74922e7ac2e719f888a6453ee3af221c0b4d095123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fa85083cea7d355df89d4ed82b5f5bf

SHA1
9367ba923e69d56c279cb49277ef046e1e1da282

SHA256
a01f689f879b3821f16ce9e0792a51b529c50bb8cef888e67645eabbeb51fc45

SHA512
8f9dff566f2aa4611cf3c7a5f122e070abfa09cf6a7ca27dcd77f9c4373ee700ff56ea4aa005f881e7dd52a994b948c2ede5f44cd61adafc95616fc2d30c24eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
12b814babec435aad91538334e767fd9

SHA1
281a90c5f81efe9c8c576a294f781910e31f58fc

SHA256
5a311b7f4865a5e0710f91e5a558e5e209f4b628373ac59397ff1caebfde7ce3

SHA512
51dca645a9f5c97f9766c01770ddac1278823c382a93978e97dd447c4c036da1106ebd8febac1da6d70343d53db84366d8959058dccdbd00eb7c9848d64f2429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5a519d88c0c493d5fac30161c44eeade

SHA1
e0e80f60f4f6d5843e779f6bccdd79a4fdba2b9e

SHA256
616a57c5cce5e92c05ffa1d5853fea4c9c381b4ebd0fcd7ad0050e9122d0b52e

SHA512
f2ef938bf9ec043c093b291046ebda8a5780e0f46bf01e1ce85c2785fc74cf42d6fc8ef04b31c16d455ef36359aaba4776f1c28420766ffd2d6a0bc333dfc7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
68a292926dc21f7554dfaa3f4178e437

SHA1
59537fa5dd38b63b8dc50137639658103fccaf91

SHA256
2616d891c20b5613a06692523306b4cf14142a74094a66c41d4a2d36b57e20f4

SHA512
a882c01fbfd91f960535bf20c8918b70052ce29a1d56d3884930fe7e14a8e9c1b38d6e61eb711be1482de70917b3b9d05f067d27eb4a2f5bcb08dcc47962bd39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1b43997c12c76f3836f470133b9b1e35

SHA1
ca087e381129073d6848e2c61532b71ffa5abf0c

SHA256
054f774f66e7ed252a94610166be23147c81da1ffb28f99133adb17e90ae7c40

SHA512
c870b959d12856a01de8d68b0dc8df816e86efe1ff4c7309096870c15d594e55c35cbf4840376c461cd5353414d3661b94bef8a6da04d27110df6e15b34233e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0633653f6265e2f2420cf612ba3b238d

SHA1
c421a83d20c43c4afcd4036aedb045ac07617ab6

SHA256
0ea4c20c23c55285c7552298005dc161b4e830a3554c89805e454bfe04f5737e

SHA512
60d154a2b5f6c96a9232eab89cb9ff948c615dfc8a137e1143427ede5489f965d7ad6ba180d2bf81c951d58ec7b41270a1d5c7d528b1b57b9b39f4f3e913787e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c6b5882171dfc0682317049f201c314

SHA1
7c8dc53faacb0278949c80e4f35fe777b0acd26b

SHA256
c228934e5a037b5a6161c53e8879a2a672c59dd56e56a48e4bd6aa12949cd6fb

SHA512
af396061615d4553d5e7888171f3c4b5e6e1066d822ed51bad9b6bf68499e9d8ae2ba0b9fe9fce643831976b857564e315fab87c7e4df020dc2061685e78ae26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f58e12509b04b7b3d955c46d1977f9e7

SHA1
41fc7e93a89a54dcde447695ee822e81bdbd7f2e

SHA256
beff91d4caf2dfc3820caecf518395e1022e022738dc92c42b10458c230a14f3

SHA512
fa9f618487ff567d6f2e5b0c4124a5d648e97aa964884ae26a013c9c89842b52a4008936ad152a582784d48f703f36cb9496b4a271626870a063735d124aab14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
82abdc18fa0361f172fc8eb7a743035a

SHA1
f4474c2551212762f26d2d4801a9b213c82be58a

SHA256
153665ef28e712f63bde6e6317d9f7bccb741af435c0b89de1dd6687aaecf0c9

SHA512
cae57da0b13cc0c4094badc4154c3388ebc33768c85cdd148005a248dcd106d24c8a1b3f6247a1e59d430192b82828932e79192f0d3e364a57b79f12410e1272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aaecfc97107ddbf852b75455806f9992

SHA1
cf8d294bdea6be6fa2b28fac01e7bb62e2656069

SHA256
4d3bad3d5659e1ee38d2b6b89022ca362220a9f6ddc1aae17813fdbdce3ba959

SHA512
4836a832ac2661d9603e9bced4fbf0afd9af04eeb8ae2a91fbc9648780d85f7184c3c287d9c5846be88b3c134dea22249d1a7518014efd4927cc8406c43d9609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbecc4c26b6fa811e293d7645929984d

SHA1
c72ab1e4d783b37080aa2b11b8712b7c75b6a5c5

SHA256
c6fa304b1e8d340400ada7b5584f35b4ebcc553c5304b0a1eb56b0f85a833df6

SHA512
9b8c0d41014216aa3d5ae1965c8ec8e3e0b71cf8ecc2cc9d6267a3173a7380f52607e87e48382831f5f5c9fa86a9e96264b95e7619e4d3ec8a4536b8e1038a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8518afff2a13051472c9b557dce25456

SHA1
617caa164bae2aaced6843cc0450c3e46f5c9207

SHA256
0e3a8530812f46815aebb3945a7f65a9ae50fe334affea0226038ea7ccc06f16

SHA512
5d5a9ae33db397ff8044d2426d77371f544c4ef87b89f5e2206a97d821310029d973b8e93a11d775e8afb238359484e395e59e4c470540a8d2a2e2ff55e37b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
32d7a3c848059a37561866c60c811dae

SHA1
05e7cc390343894634857885cc30160b661a4564

SHA256
163efe6e62c60bdce74586cf63cb1ab5cf6a4bcce62aa6a5232ebca67d4c5ccb

SHA512
b924701c7e09b6ccf6903bb4c32261bf2347bb7b06c62f6fb0b4f1238f442f2093d74392591f1bd2e434051395bcdda922829ff08ee6cac079abc65270a3e049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94c8bad240eec5ead9ef28344bb09b53

SHA1
4b241b85b8e98e91196948c21208ea19eabd6e9e

SHA256
c01bd8cde9755f1c7685f1c3333c6ce89eb3730edf50ceb306af90710b061a8c

SHA512
32321d66d068678c8ef1f9e4ff063782e523018fb1b4b391294df7ca63594f6885ac1e6d3a46c1f08767abf2aaf69b7fa77b489d9fb709e19a776c65865c0510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57edfa.TMP

Filesize
203B

MD5
157da2c3a3ecd69c8ad5f89c8054388e

SHA1
5f0243e39ab8371e09de450e48e6b496cbedc8c6

SHA256
7dae8c00afba5bb4e30979e01ff50b31edefe7c71b2f7fb0a358f27661611bc3

SHA512
b6d8d1162e878724fafa1adb23b1c9efe47c59b9b28df4b3ed8f879fa3a3349a0f0292b31ef251f171374c38ef5132e54b21c4fc96777ffe3d1b2ab0d0195f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdcaf060-74f9-4f4b-bb18-d4d8b11e84cf.tmp

Filesize
1KB

MD5
d4acb38343ae7856b4178295056e6f16

SHA1
799f2458c0aed55d0e744966d60da15fa7e60401

SHA256
d32481ab6db68019f7f1138f0c6d0a4fe9cd346bb79b5b73f43ebd3227d05f3f

SHA512
47cc463e9761168815cb845fa24d2c79e15567a98c28c76943cad390b6406cf72bd8b9318fd686a17a0ac6e70fc6a997ecff8a6b425cd64ff8595117df74cd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
954e35dc8763f761d6515db5989bd8ce

SHA1
12ade1d940a2b156cb09f4bb7c7a6149150f787e

SHA256
0cad9d82b6c3c6bc228213475a689f7090594c880b02cc56fecc360246677f8d

SHA512
a7e964d9585e21d6b5a506d520bee1d765769ebb86b6f77f79a2163732559c76f4fdfc21da980198b91e92109be7a5ad5eb1b1eafe9b831402ef43f38ca89089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d926fb9d410940dc0c937acc6c8d45e4

SHA1
33633261c208eb7b6723a2a85858c8ae4f01083b

SHA256
11fb39659f1f02446752d6fc8751702b5c3db09c1f94f5064b54e5d4abfb341f

SHA512
42096489417c7a8d86bccca573b0a99bd8c5e7cbf22117158188b918c6e6246af958335d540a4de4c85328327ca241076bef946751709305cc5126a8397d40cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e461df4a259a34a1991b1326dfcea45a

SHA1
5401baf6e08f70e47229cf4741065bb83e82944b

SHA256
fa97dc76c7f4ff903f80e0082b8e2f460d9bc886f9861964487ad5c67a6bf9fa

SHA512
a58af7691f6f16d66db6aeb71c4deebaaf916e2581e79eb4d4b5749a8c0cb18f4abfda7286d65958ee244f584b9b66a9c2e94267229a9460b002dc0be97aa7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da65e84ed086dbf148f551f559a0e776

SHA1
d3ff1caa24fb3e742989f7f658a83d5ac08f3846

SHA256
513eb8d4703902c3bfd15de5e58ba50a769aa249881aca99a31e99fe1484d6ac

SHA512
60e7e52447afbb96540a7779caa869d33375c1fc32b468037afa63f9d8f086e3e3f99211397d5d40f312101b65d4fdde4fffa701d2c73c58591693b0e9b59913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2cbc354d822516646fc01b8cac67a1c4

SHA1
e50013fd7b3b7e0e4836c9298854873044b78eb4

SHA256
ecc4d9e06478d6e54d6563d7b852a82152480d0c26d50c6087cacda094546007

SHA512
160f76b8f30bca6d6093f700e00d97390c48e46a97b250abc85785c6ed162ca638a1ce1dacda762bdf28042e4b59c4d53b0641233243ffb1a12b2538cc40d337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b831edcb-f3ee-4760-a19f-5f38d1e2c928.tmp

Filesize
11KB

MD5
04405695fdc93d46ee2261e79d076576

SHA1
55ce28b38dca18115141cc7916a984ce6565c9bb

SHA256
258d59a0191ba51e3ab6c52593b203404973bb160a864fd416fb17012dea2a4b

SHA512
69c9906871461d3f6b3c417e4d85b2f81e3d54ecab9f81c26500a8d9f62d431fbadc9fdb7f34d47fe83f08e0be2d4454f48c82e0304b526e97083e25df92344d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d5b108ed-a057-4fc3-9a0b-47f1687098a9.tmp

Filesize
8KB

MD5
e217af87fd57cf87009e467b04f071e0

SHA1
b10482c10051a407abadb9f765facacb4feb89c8

SHA256
2027f53da23087c0ffaae5db3280116a26550e07959a899fd60729653ad44c2b

SHA512
bf4846bb1d77b891db7701b1e40ca786a49978b6a1a5ab46f175d15e792425986e0f5400931f73e3309d982218c5c3e3234923c5e4f71f3ef16c2da2c7313271

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\AppxProvider.dll

Filesize
574KB

MD5
eb9cbac1aa278b6a8afdb95a9feb4dcc

SHA1
9f12442d4cab56ab451d3954783632f77be7f8e4

SHA256
1bf704107250f4c08fdf2c450d4ab402ba5317a8c026cddf98c0ce225f487d4c

SHA512
ea86c2360622401aa61c8932571df2dbf6c5fcc438d5b1048d61cfe9542cba0b74c1454dced6a13a7cd20fbbe5cbaa0b1432b8e4a6feb6702fd0b7cc37b436f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\CbsProvider.dll

Filesize
918KB

MD5
57a9a702d5f51b625a869cb6ac0ede0f

SHA1
e5db4003f5a82ea666bbd70083edcb9ca38446b4

SHA256
b19a6d57b76593369e7e06cbcc5bcfd03e18adaa3934fd59c8705213fb5779ee

SHA512
818420f8196f964a2998b1176e87399f3d473237112b877c4e5662b3f601f8492fec3ec2ecd39822bfa12134cc2dd85ddc9e1409ea15ae6b58d8021c69840a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\DismCorePS.dll

Filesize
187KB

MD5
35a07968ec37231249f3f072ae555e3a

SHA1
a6b5be5daff384d24e68c7d3d540e9edd1e95ce8

SHA256
e5f25e5a170cb3d165c3d143eae967b96ab80f88fb09176da8591b0b68c77e00

SHA512
4806377c40eb0604410bf4760a3bf3ed99a1506af023977f6ad04090d790818034f8ffaeb6f51cf3a16a2109e0f567ddf5d182a50468481a2ed9adb2fe899261

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\DismHost.exe

Filesize
143KB

MD5
97cb1e2fcab378421c4b91df0c9f8310

SHA1
1227ce5f3a75bbbcba54708fcf73a131b0887a29

SHA256
e36bcf02bc11f560761e943d0fad37417078f6cbb473f85c72fcbc89e2600c58

SHA512
1b4668daacbebbe79bedc508f81f0e5ff0545c5823f05c7a403f4e8eb58bbf866f975b8e41a9148f6455243fe180c1afa32cd6b337f7d73ba0cbdf00f7e32de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\DismProv.dll

Filesize
256KB

MD5
ab0dbc4f05b33eaaa447e31accab8d21

SHA1
7064962fbc7e1fdf0cbb13a44e587e28168cd299

SHA256
6a3c3f07bddbc3079873f8799f2c19adddc59f15d6b2dba6e9314e5626bfd2a0

SHA512
a4fea2a0d5a9da86cc1f3868882a4ac661581a77f57251ea073259e0421d6f047b9da7b19e3916a970d7ecda652b4d51d0e64c7ef5d59338eb209b580be85b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\DmiProvider.dll

Filesize
416KB

MD5
0c2e5696f987350b0ae36e692d10ffb2

SHA1
31b0eb2cca497dc532a61bcefe1813641049a0e6

SHA256
52fd26a88d386b906cd1034df69618195e98a3a2743fe4aa185c461b24d5eba3

SHA512
1f20c7002fec8cd7395a93e204f6b3bd33ea4b2d693cd0b04554ab6ffe6458505289c92914bfb56850f5ba43bc60be3a436f6a7b0268dcd8542ca767b2d5cf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\IBSProvider.dll

Filesize
60KB

MD5
b5b8c30b6eadc678f37d865061684219

SHA1
c78dc8160d7f0d794d6a156d9194f16314a0a361

SHA256
f1bcba5928da73db1a78355afd4cedb8d66e09d28fcfa6ae75112c5e10b0d841

SHA512
de2b7c5a03298a467152a8adc308c4355ca420438b96035083d524b2058daec9d2434eb62d329f747eb9768af8324a306d1e257005df7ddc2ff093a73068e06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\IntlProvider.dll

Filesize
297KB

MD5
18d4bd2bc601dbd4ca32e46f052fd152

SHA1
c0c04c30b9248c06a4f488d7921e1067518f2a2f

SHA256
207c51a4acfb244f05804b54c4d4f71fd5de4745434e40c969d888a4109677df

SHA512
583993ab11f59a4f0a3ff00382323f2ecec735ad8ed55d4ba388ea4e661edec99f4f7f9914b826dfd5ed21a24af719a4e0bdff6b5fc10dd08be21fcbab627394

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\LogProvider.dll

Filesize
78KB

MD5
1176e91f4f663b03515b4d944dcdd72b

SHA1
fa341a412720fd79fe1e1f6e11d850a4e103871d

SHA256
a4ae8aac8660aaa255cc8318c7971273201e62954d6d36ac5d7ec738fb218258

SHA512
c31f3bbff71ebc3f29813cf55754593262884fc71327db58622da62daa92062b1e8e2f6877a71ca832f40e7127c478d931661527485e801b74dcfdfaf6670874

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\MsiProvider.dll

Filesize
208KB

MD5
0655a77306506895e5d3b5e7dbc833e0

SHA1
51087449d02fb42c948a1f53735bed1ccedd1ad8

SHA256
bfac469b3bfe0dc5419059d889eabb2ab1bdf1a6298a6de743cf0f189a48c679

SHA512
dab8ce18208670e720927f3d6bc317cb81b72c6ca95a92e637d9e19bec4666b3607747bbb3f0ef7285a41c49a26c2a52fb225224ece22aff391f89df2f9df61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\OSProvider.dll

Filesize
150KB

MD5
684fca651758ba405144d5fcab6ab7fe

SHA1
da595c60fbc4336fd2c61b45384dc0dbc3bf599a

SHA256
ae9b66a6e0b1949890241c67037cef2c59d4f4faef84849789e0fee9184f41c6

SHA512
4f8a9c524dd4e0f2a2f6f67a1ce42a7e9590fc5715f9538d8e0c7ff0c67d4bcbe10318bebd6328ee29c6c3b9842d0e176da7e663a88d9ecdec8c6404571c3756

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\ProvProvider.dll

Filesize
754KB

MD5
5d7572a7a3724966cf940465ac6e4fbe

SHA1
cab0fdc627744e0f3d99dcc1ca8e8c1b9309301a

SHA256
2d3af1a4c4733d01c46ab82cb7e8ff0392db91db207ca9437a956c9bc5e2186a

SHA512
fc8fe42a23f1c4dca3205c63b22e8717f03c51307267367e0334e1326e47055abbb4738d003bf3340d3a15365c2625c2b791b3a083128e15d37398aaaa969e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\SmiProvider.dll

Filesize
276KB

MD5
97e089eec3c6898bd4159c39853f0dc2

SHA1
ffd3d226ba179abac9d2b24d9081aae1f9c42326

SHA256
bea12ec326503df121ea00e2ab05235d5c89f7040e7481f723acd62feb92f319

SHA512
1ddc5fc98ed3daa5e279693e850e99c14f04b216bbec3460422b29b30085ef2003d0519add06ced7640ff6e14ee3aa0000ebe093bb6da4e40ae34b0fba676f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB30FE1E-5D96-4AFD-A118-64320819771F\UnattendProvider.dll

Filesize
229KB

MD5
4fa1ca63b1f8fe59d6074ca92fad82d2

SHA1
9da8e65c3196984544db3197cf0b554a8e800a8d

SHA256
201ea386a50b5d4317a66c1889c669ffd2e545a2531e33806aa00605f8852a52

SHA512
9d1a44b1f09a28c91edd7b727abbabbc57b7b72cc2e00973eda8d1af2861d1128be09fd8ffa43dd5a0d163010bba7da58285384e889259121dc772d8bf3b464b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ca5kybzx.xle.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6ddf54867a0b81ef2f842093e5fb1a73

SHA1
d8e2b6cde150bfc5586047a0b2af9f0770c5115b

SHA256
fd3247f5d84a33f38698938e4746ae57c455f7e35a528b96218790a4a9550a96

SHA512
17bb3ed6847f8153391b522291613cd55f4bd4c8a625447c36a034d93230fb39f6c47826be157c3813ac1105e53f8e38d83fc1f86269cb965c607b07f43ff3e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3ef788c1578748bb0d1c6fd70c66eea8

SHA1
9ef297f4e4f2c69d6fa90a4da44e8a8ff10c3e0d

SHA256
f96767111adc38c035a212469722e56fab4a5f90713950f51684aef5d56c7cbc

SHA512
f0056a0fef8bb8d07e912e9bf72b678965fbdd8ca64baa069af2f7fdc5dd15676b683a3ffe8a199a28e46c7536e367a2c0e2dcedae257a4f48839d6adf4f212d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 166382.crdownload

Filesize
2.5MB

MD5
9855e448af8561fc920d69a7b45a309b

SHA1
9ceb185e61fde58d6db6e3c4e2e7932ca53ce712

SHA256
aebbda8979b54ca3094e835ec7bffb08aca6c79480675d46bc5df75d9750a583

SHA512
a37495c629c9fd636702f1e1479b0ffd8c7b921cc914a7208478d2b9c348149634bd7736ed41d6627902e8b8e5d5316dbeb3d5783b93574a48b7fb1786fc6d6c

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.2MB

MD5
d4a7afcaa24e9eb369b4b00644cca64d

SHA1
7c68afd125ac8824509efad0aa6b7dbb9aace0c8

SHA256
7d0c01cd15ca1f1fd0fdb70057c6ce1c0ad0b53184e2c2cbccdbd97aa3541c22

SHA512
3d41076e305fc3387dc7e99415a931297fbc1fb21c16eaa02b8fe28ead62b10475284c3dfba9ea55a9a226f6a8de6ed964b44381f0552255584b37bb93e06ee8

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.2MB

MD5
9f6c736388567cea56cb701eff6bcee6

SHA1
049d1c990ae41339839dcc483347892c1085dd79

SHA256
6bf66f3cd105958eef5a209eeb8163cd3f6792a2071c3b50a2c6aa28731c6e43

SHA512
2f09a97d964b08af507ff949f7e701df758041923eadb65a827486d5c525f50cc61d50d602646c920f462089971c67ae61efb19bd09be1d653b56c2a25bc2578

Download Submit
\??\pipe\LOCAL\crashpad_3760_VLTSISVBUGXBINCW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3736-1222-0x000000006EDB0000-0x000000006EDFC000-memory.dmp

Filesize
304KB

Download
memory/3736-1212-0x0000000005B70000-0x0000000005EC7000-memory.dmp

Filesize
3.3MB

Download
memory/4920-1242-0x000000006EDB0000-0x000000006EDFC000-memory.dmp

Filesize
304KB

Download
memory/4960-1843-0x00000000704F0000-0x0000000070A96000-memory.dmp

Filesize
5.6MB

Download
memory/4960-1364-0x0000000001030000-0x0000000001046000-memory.dmp

Filesize
88KB

Download
memory/4960-3559-0x0000000070AA0000-0x000000007249B000-memory.dmp

Filesize
26.0MB

Download
memory/4960-3558-0x00000000704F0000-0x0000000070A96000-memory.dmp

Filesize
5.6MB

Download
memory/4960-3556-0x0000000070470000-0x00000000704EA000-memory.dmp

Filesize
488KB

Download
memory/4960-1841-0x0000000070470000-0x00000000704EA000-memory.dmp

Filesize
488KB

Download
memory/4960-3557-0x0000000070410000-0x0000000070469000-memory.dmp

Filesize
356KB

Download
memory/4960-1842-0x0000000070410000-0x0000000070469000-memory.dmp

Filesize
356KB

Download
memory/4960-3560-0x000000006FFE0000-0x000000007005E000-memory.dmp

Filesize
504KB

Download
memory/4960-1854-0x000000006FFE0000-0x000000007005E000-memory.dmp

Filesize
504KB

Download
memory/4960-1849-0x0000000070AA0000-0x000000007249B000-memory.dmp

Filesize
26.0MB

Download
memory/4960-1376-0x0000000036840000-0x0000000036850000-memory.dmp

Filesize
64KB

Download
memory/5060-1203-0x0000000008010000-0x000000000868A000-memory.dmp

Filesize
6.5MB

Download
memory/5060-1178-0x00000000061E0000-0x0000000006537000-memory.dmp

Filesize
3.3MB

Download
memory/5060-1188-0x0000000006670000-0x000000000668E000-memory.dmp

Filesize
120KB

Download
memory/5060-1189-0x00000000066B0000-0x00000000066FC000-memory.dmp

Filesize
304KB

Download
memory/5060-1190-0x0000000007850000-0x0000000007882000-memory.dmp

Filesize
200KB

Download
memory/5060-1191-0x000000006EDB0000-0x000000006EDFC000-memory.dmp

Filesize
304KB

Download
memory/5060-1204-0x00000000079D0000-0x00000000079EA000-memory.dmp

Filesize
104KB

Download
memory/5060-1201-0x0000000006C80000-0x0000000006C9E000-memory.dmp

Filesize
120KB

Download
memory/5060-1202-0x0000000007890000-0x0000000007933000-memory.dmp

Filesize
652KB

Download
memory/5060-1205-0x0000000007A30000-0x0000000007A3A000-memory.dmp

Filesize
40KB

Download
memory/5060-1173-0x0000000006070000-0x00000000060D6000-memory.dmp

Filesize
408KB

Download
memory/5060-1171-0x0000000005F60000-0x0000000005F82000-memory.dmp

Filesize
136KB

Download
memory/5060-1165-0x0000000005890000-0x0000000005F5A000-memory.dmp

Filesize
6.8MB

Download
memory/5060-1172-0x0000000006000000-0x0000000006066000-memory.dmp

Filesize
408KB

Download
memory/5060-1209-0x0000000007C30000-0x0000000007C4A000-memory.dmp

Filesize
104KB

Download
memory/5060-1208-0x0000000007C00000-0x0000000007C0E000-memory.dmp

Filesize
56KB

Download
memory/5060-1207-0x0000000007BB0000-0x0000000007BC1000-memory.dmp

Filesize
68KB

Download
memory/5060-1206-0x0000000007C90000-0x0000000007D26000-memory.dmp

Filesize
600KB

Download
memory/5060-1164-0x0000000005030000-0x0000000005066000-memory.dmp

Filesize
216KB

Download