Malware Analysis Report

2025-01-19 00:38

Sample ID: 240503-yj82zaea3s
Target: http://mailbird
Tags: microsoft evasion persistence phishing trojan
Score: 7/10

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file http://mailbird was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: microsoft evasion persistence phishing trojan

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks whether UAC is enabled

Enumerates connected drives

Drops file in System32 directory

Detected potential entity reuse from brand microsoft.

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Modifies registry class

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-03 19:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-03 19:50
Reported: 2024-05-03 19:58
Platform: win10v2004-20240419-en
Max time kernel: 509s
Max time network: 510s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mailbird

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation C:\Windows\Installer\MSI75DE.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation C:\Program Files\Mailbird\Mailbird.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Mailbird\Mailbird.exe N/A
N/A N/A C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe N/A

Registers COM server for autorun

Tags: persistence
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000300000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000400000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000500000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000600000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000700000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000900000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda010040e0fd3b374f01000000000000000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000800000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000a00000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000100000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000200000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A

Adds Run key to start application

Tags: persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mailbird = "\"C:\\Program Files\\Mailbird\\Mailbird.exe\" startup" C:\Program Files\Mailbird\Mailbird.exe N/A

Checks whether UAC is enabled

Tags: evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\Mailbird\Mailbird.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\MailbirdSetup.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Detected potential entity reuse from brand microsoft.

Tags: phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mailbird\Helpers\Chromium\Html\blank.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\SharpVectors.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\fr-ca\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\ru.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Helpers\Chromium\Javascript\Print.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\chrome_100_percent.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\pt-PT.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\MouseKeyboardActivityMonitor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Google.Apis.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\et.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Limilabs.Proxy.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.ReadReceipts.Client.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\nl\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Google.GData.Client.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\SharpVectors.Runtime.Wpf.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\da\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.Data.SQLite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\libcef.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.Apps.API.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\ro\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.ReadReceipts.Common.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\ja\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.Threading.Tasks.Extensions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\fr.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\sv\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Google.Apis.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\Mailbird.IncrediMailConverter.lib C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\fa.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\pl.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\tr\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\ko.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.Data.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Images\Icons\Mailbird_text.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\LogicNP.CryptoLicensing.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.Apps.dll.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\vk_swiftshader.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\SharpVectors.Rendering.Wpf.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\es.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.Reactive.Linq.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Migrator.Framework.dll.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\Mailbird.IncrediMailConverter.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\th.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\SQLite.Interop.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\CefSharp.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\SharpVectors.Model.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Oracle.DataAccess.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\Mailbird.IncrediMailConverter.exp C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.Numerics.Vectors.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\ta.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\NLog.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.IdentityModel.Tokens.Jwt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\x64\chrome_elf.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\System.ValueTuple.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\sv.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\SupportedAppLanguages.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\el\Mailbird.Localization.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\bn.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\lt.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Google.Apis.Auth.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\en-GB.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\Mailbird.exe.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\sl.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Mailbird\locales\zh-CN.pak C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI3ACD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI68B5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6AEC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6DBC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7521.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI75DE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3992.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3AED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6D7D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a378e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a378c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI38B5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI38F4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A9D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6992.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI69A2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI734B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6972.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{6403482D-895D-44E7-8DE7-190FB85AA9C5}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A2F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{6403482D-895D-44E7-8DE7-190FB85AA9C5}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7532.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a378c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{6403482D-895D-44E7-8DE7-190FB85AA9C5} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{6403482D-895D-44E7-8DE7-190FB85AA9C5}\MailIcon_1.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{6403482D-895D-44E7-8DE7-190FB85AA9C5}\MailIcon_1.exe C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592394234652992" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Mailbird.Url.mailto C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\mailbird\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\shell\ = "open" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BBE7F467081DEDC41BE42765F896426F C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto\EditFlags = 02000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto\ = "Mailbird Url" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro\shell\ = "open" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\ProductName = "Mailbird" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\PackageCode = "7D764D7467C02374BA26521A4BE363E4" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\SourceList\PackageName = "MailbirdSetup.x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\mailbird C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro\shell\open\command\ = "\"C:\\Program Files\\Mailbird\\Mailbird.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000300000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-877519540-908060166-1852957295-1000\{D8002100-971C-4AF1-B1C3-1DCEEE728D58} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Software C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Mailbird.Url.mailto\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto\shell\open\command\ = "\"C:\\Program Files\\Mailbird\\Mailbird.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto\FriendlyTypeName = "Mailbird Url" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000700000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro\FriendlyTypeName = "URL:Mailbird Activation Protocol" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto\FriendlyTypeName = "URL:Mailbird mailto Protocol" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000100000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Mailbird\\Mailbird 3.0.10\\install\\85AA9C5\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\FriendlyTypeName = "URL:Mailbird Protocol" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\URL Protocol C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto\shell\open\command\ = "\"C:\\Program Files\\Mailbird\\Mailbird.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D2843046D5987E44D87E91F08BA59A5C C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird\EditFlags = 02000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Mailbird.Url.mailto\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Mailbird.Url.mailto\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000500000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InProcServer32\ = b648c2a4939dda0134bec2a4939dda01010000000a00000000000000 C:\Program Files\Mailbird\Mailbird.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\mailto\shell\open C:\Program Files\Mailbird\Mailbird.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\activatepro C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mailbird C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Mailbird.Url.mailto\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\mailbird\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D2843046D5987E44D87E91F08BA59A5C\C4FE6FD5B7C4D07B3A313E754A9A6A8 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\mailto\shell C:\Program Files\Mailbird\Mailbird.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\activatepro\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D2843046D5987E44D87E91F08BA59A5C\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\ProductIcon = "C:\\Windows\\Installer\\{6403482D-895D-44E7-8DE7-190FB85AA9C5}\\MailIcon_1.exe" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D2843046D5987E44D87E91F08BA59A5C\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\activatepro\EditFlags = 02000000 C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Mailbird\Mailbird.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Mailbird\Mailbird.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mailbird\Mailbird.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mailbird\Mailbird.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4804 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4804 wrote to memory of 316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4804 wrote to memory of 3916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4804 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mailbird

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7fff129acc40,0x7fff129acc4c,0x7fff129acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2096,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1916 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4360,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3536,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3444,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4800,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3428,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3356,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5308,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5700,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5704,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4724,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,6017346904236954326,15051282013181659836,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:8

C:\Users\Admin\Downloads\MailbirdSetup.exe

"C:\Users\Admin\Downloads\MailbirdSetup.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A89A0E97C538CD53E6F6F7C4A947E77D C

C:\Users\Admin\Downloads\MailbirdSetup.exe

"C:\Users\Admin\Downloads\MailbirdSetup.exe" /i "C:\Users\Admin\AppData\Roaming\Mailbird\Mailbird 3.0.10\install\85AA9C5\MailbirdSetup.x64.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird" APPDIR="C:\Program Files\Mailbird" SECONDSEQUENCE="1" CLIENTPROCESSID="4652" AI_MORE_CMD_LINE=1

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F396B638B6F8E9C88E0357E9E9FBED50

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B11532152D4712278B6921ABAA52D958 E Global\MSI0000

C:\Windows\Installer\MSI75DE.tmp

"C:\Windows\Installer\MSI75DE.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin "C:\Program Files\Mailbird\Mailbird.exe" "installed;en; " "source; ; ; ; " "tracking; "

C:\Program Files\Mailbird\Mailbird.exe

"C:\Program Files\Mailbird\Mailbird.exe" "installed;en; " "source; ; ; ; " "tracking; "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.getmailbird.com/confirm-installation/?u=dd4fb180-e032-4b19-b793-aa900c26e531

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee18646f8,0x7ffee1864708,0x7ffee1864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" "C:\Program Files\Mailbird\Mailbird.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\Mailbird\Mailbird.exe

"C:\Program Files\Mailbird\Mailbird.exe"

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --mojo-platform-channel-handle=4584 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4504

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --mojo-platform-channel-handle=4936 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4504

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --mojo-platform-channel-handle=5072 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=9f87c23f-2ebc-4a25-bb7f-3dbdb56e5ed0&redirect_uri=http%3a%2f%2f127.0.0.1%3a56015&response_mode=query&response_type=code&scope=openid+email+offline_access+https%3a%2f%2foutlook.office.com%2fEWS.AccessAsUser.All+https%3a%2f%2foutlook.office.com%2fcontacts.readwrite&login_hint=fsepsan%40hotmail.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffee18646f8,0x7ffee1864708,0x7ffee1864718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --mojo-platform-channel-handle=6600 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4504

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --mojo-platform-channel-handle=6204 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4504

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=renderer --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --disable-threaded-scrolling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5928 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4504 /prefetch:1

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=renderer --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --disable-threaded-scrolling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=7248 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2

C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe

"C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe" --type=renderer --locales-dir-path="C:\Program Files\Mailbird\locales" --log-severity=info --resources-dir-path="C:\Program Files\Mailbird" --user-data-dir="C:\Users\Admin\AppData\Local\Mailbird\Misc" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Mailbird\CefLog.log" --disable-threaded-scrolling --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=7500 --field-trial-handle=4576,i,4297404138743918956,9621889106949902516,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1976,18159574574156309275,6862251997011965489,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6848 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Files

SHA512 27b6770a59ca53893777100ba13c2b81a6456c8fc8de21658174ba23fb1254b20dfd3bc945b3820c822c1efdd0d37c587a044e8bba97bcd5529acd8f211987f5

C:\Users\Admin\AppData\Local\Temp\MSIE75B.tmp

MD5 8259dc74965f3c8e91d152862580a773
SHA1 d2d029f9f9be25be3c5526c5a52449c034c673e1
SHA256 84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9
SHA512 50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4652\DialogBitmap.png

MD5 2b864b97bf95c506809e907e249986da
SHA1 a2c4f5c3033432e58ea818d72e44565b6d9e65c8
SHA256 24ff6e3460b042637b7127043db2763b2c4f801b85e6aa4eea264a8e4d154f46
SHA512 4ba23ee3f17b96dda9401809d011cfa6085778b0e6c491ed20f70abf792514f32ccb6a2f2a9d9b66216f46ebb95fc4deb28174c72925783434a440a6b1950785

C:\Users\Admin\AppData\Local\Temp\MSIE9B1.tmp

MD5 8ecff5e8777908818edd94721ddc349d
SHA1 a3ffcfcffae1b44261c1b1a64917ac898c40b9e2
SHA256 1c450659c7681df9df21b20412c9647e7e8e5bf0f2945c48b1ab51f330f2516b
SHA512 8418049fe52dcf6e294cf58d200b7a7d8e704ba592b3f59243c4c5a4d661c60f8db97540badd9a1718547a0047b39316ec7917c43ddcb8a71bebad49e7baaf08

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4652\BannerBitmap.png

MD5 01310d590f6f030f399ba5ccfdd79e27
SHA1 30fa70484e3ba7001f798702b93c9bccf89ce87d
SHA256 26f43034d063c8044b21ce8059ff6acfba2e9b6a8735f5e919105ace5afab2a3
SHA512 7d252c0210bf2636386f7a870601851d0cde6db94c30527baefd2f367b435ee29e24e74b19ca6623cb71f6cb7a91951ce201b09c9e0d3aea86c2fbebd70ac92f

C:\Users\Admin\AppData\Local\Temp\MSIE43C.LOG

MD5 62a466dc69407f0024b58721b3484840
SHA1 2b549b5eae98347813d79d8e7e3e026e936790bd
SHA256 dc5fb11b553d66a35facbedb9a884305a428e789eff7da46779fee65d5a05bf5
SHA512 f651d51cc4539945d8d03b717c15570fdad2473eb2c5506e5dce2409002dc9a5ec7c232f30afa445d2297c0babd951860452285237a02fba5e2b72433d2c98cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\03B6193231D6872FDA0CFE8EF2B47341_BAB6E26FC25F72AD91D8C5BBCC4F8365

MD5 bd37e98a49d7c2b5fc0ac27b7b515ad5
SHA1 21291a8f0bc4468a7bf37232d552ffe0e1a6ec80
SHA256 f8cb1843f617534326cbcf1f039744d4b620ae6b1c87077b30e1d7a82d115ee5
SHA512 a5e3f81149d9c957e93c70559c8918cc462eafcefefb9d0a03248574f0e0e0842d5349f089ecc36d6ea747fe549673c5fb4e88c981c5a91e985f6842f488f80a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\03B6193231D6872FDA0CFE8EF2B47341_BAB6E26FC25F72AD91D8C5BBCC4F8365

MD5 d8264e11626beacefd7d34f47721634a
SHA1 fbe3f1816d428df94a41a3824e52a26847d9fe9a
SHA256 d498d0f2802493248e5d8fd4edd323d156af4d684b5ab43ae9c1d8341586d8fd
SHA512 822897211531ab29d6f841dd7cc370010f50e8564afe5b585785ea93beef378a822a301534193cd0f94cea456fcf2f2dfa82e7252af020cac79b91b5bc7c3dd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE

MD5 cb3de335c31a3c7558742a4b060d01d6
SHA1 54a9e9fa00c65582f10add21c552e2841096ad72
SHA256 80823b827a748f66ac695a1c77112429b46bc2da07362e48aa545bf06c72cc0c
SHA512 d867c9ce482614abc3fdf1a7bc3b01b9bbecac6345c8add663ab419bd7ba75b38d10f715ac619bdb8947fa5639eac61743ac07d386e295254b94cb921cb4ac43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE

MD5 af5eb067bc258257cbd7833b468269ae
SHA1 9ff131ac3a4524fb3e86f32cb9dd1c08dcf0a5d8
SHA256 4370d549f24d7c8e38fd7720ae2610d0ce235fcd666b35721ae2b64ab61076c4
SHA512 3c5848f987d1b3d6222a6888981ee94d996d17f8a81d474ea5df1597085aad0d76ed8a1a412b7852ea2757c24a54a6a2244f6090ace18d6babca7741b8d759fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 d190fb454568a217de72a718d2b6f945
SHA1 9bc15378a293032d990f44a2cc47913f57d22dfb
SHA256 c3082d52dac402dba2000b4ec3f94baa6ac0b92cc9ec0165e25000effa5e2464
SHA512 9350839b154854f3535333f55c67d14c6aeb60ba4e4f1871e0931ffc63ddd1751df75aba99bfa8f8abf1f6fe9dba93cfb9d07543760d9a7fefff03067bd36518

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 2db0f0d86863ee0c5aae2875bff0ef67
SHA1 5b2129fa746bcdf36d1988c4d6d0c5f6affe7abc
SHA256 f7f70f7ddd0276305d34c5d6e736724f86ed36166ddba663445b458423ded503
SHA512 8a990507f01fe4c046320275ab85189cac0766393b761b82b6eeafdcad437798176fc3421c2a6e1dd1cd463d4627badef30ed65f0b2fdd40b18b1c421c248ee0

C:\Users\Admin\AppData\Local\Temp\shi63B.tmp

MD5 77d6c08c6448071b47f02b41fa18ed37
SHA1 e7fdb62abdb6d4131c00398f92bc72a3b9b34668
SHA256 047e2df9ccf0ce298508ee7f0db0abcb2ff9cff9916b6e8a1fbd806b7a9d064b
SHA512 e1aeb8e8b441d755a119f45a465ca5660678f4131984322252bfb6d2cec52e7ee54d65a64b98429b23915eb5707b04b5cd62a85446c60de8842314130a926dbd

C:\Users\Admin\AppData\Local\Temp\MSIE43C.LOG

MD5 a7198c48d621d120f8dbd4e8a42507a2
SHA1 822b55d123b3c5c0e4f184bcd88c3102a6a2ce25
SHA256 c5c86c4cbd471e036d54d5ccab02c1f97f7b54a1a07a21af1736b73cfd64fb8f
SHA512 8c68022cb37b31887d3ac154e88becc5dddb7fe3ee7dd626ac32b20c69f5ed5c418360b2e21c484ab91ad71b883069a04578b6ed710f32d553873ee74a71a46c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f58b3f98a80a08216094be0950730424
SHA1 fea4d432cc65d790869fd2f32fac4586ec032580
SHA256 77d9e01b3ff4e685937a34bc22ee51b38951e62019e5b8cb56ce8dda83bdb01f
SHA512 2e346cf0a0b3c8e28ee50a3dde5564eb0cc6d7705da52588ea3259d632724614a1c892230c5e4996e08fe51864c44bffd7ced702078d725c13d15b2277ae7549

C:\Users\Admin\AppData\Local\Temp\shi39DE.tmp

MD5 6e34fc4a713c3fbd88e47ac188d2540d
SHA1 1877a17da406d147566168c56aac1eb576782b37
SHA256 d8faf8ebf360ed0b3b1a43877a04863f7e044b3d19b641d88737e0829d683b36
SHA512 848a1d9602210d7da0f6e4d7817af08dc02baac7eccf1cfaadaf3a24b55e1316e77c40672a6a1195797e525f448817e534ae200e99cdf548ee64a7996fbcec4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6be0eadf574f52eef32c53e92da91397
SHA1 52264e72a0b43e5c41bc832059ed0869e707c022
SHA256 86f8d9946a30220325c8b520c2f52984f21982e40a012e1d7fdd6ef85cf5bed2
SHA512 d79652a927d0acf6de8858a7020baed935def05a329cb852bfcd8bfde99792819dedaeb4bd3c8516328c823684796ac729317296dced78a56c3d960ce9d6c4a2

C:\Windows\Installer\MSI69A2.tmp

MD5 752b1dafa9e6a7978d6dd35828d51050
SHA1 9145932d7b771ed839e2c805f8703b5310a176b0
SHA256 8608b0858e85369fa8b95dce6b3b505f0bdbe3e14ea378c0db1a627a4ab41458
SHA512 102991b9b61fb618dd646291f642c166479cf88f9e7e519aac2770979bac1bd526213e4ed07a650a87f368a6032c078cc37af9d4bb9534db5ed5578c621e14e6

C:\Program Files\Mailbird\Migrator.Framework.dll.config

MD5 3b309755187e45054c52d95619776307
SHA1 006a44bf6f8023591169a46539d76d3f2c9a756d
SHA256 e71b12294adc8f32f9208baf88a62357562b336b2fb00b8895a8a593bbfcd275
SHA512 4340d738f9c97c68c31abf2e1d5b977748f32749d030e358822a69307dcb273a7c8e7ef217dc12bed2e81402dd05ab5439d7fe50d79f05f58ab7811e66c26b23

C:\Windows\Installer\MSI734B.tmp

MD5 4d2f7fca24c7674f8586c44cc6605511
SHA1 9b1d31d77cb4865bbd045c5bf3caa3173ccaa996
SHA256 81238901271d0d96e4ec082f201c744a66f456114c19effa12fddd6ad6d9f558
SHA512 2a68f19fc34f3edeace8ce1ec29f13b1f29dd2dcd974d6b9c19bc5596af55893ec4a27f7761451e86410962dcd76592436aa8c93514e92a4707ce8ed465e09c2

C:\Config.Msi\e5a378d.rbs

MD5 07b2399fc2b5cb6b87776f378d7c6ef4
SHA1 6bbf5e5ffd49fd4352377be1e5589ae9cf78deae
SHA256 d6bbe92c8d9b33b21e5a1b3824498d33e86537a1f77fefb7c16b010cfb88d7b0
SHA512 347a49c87c7b03d1688ba4f3a00a561019c01b8c8177049ab64d6507fbe72093c3ec3b0c750d91f30d3b0487e46c1c96bcd5d6be8ccd9169e9005b2e46b477d2

C:\Windows\Installer\MSI75DE.tmp

MD5 a99aa38782f1392091ac7c58d29bde42
SHA1 6ca5c6b5d725c221e6bb8a3cfc229f1f4130fea4
SHA256 0d34c2a0518f6adc17ee78e1bbb7f42bf432f0378f39e402d684232d039e13d0
SHA512 f4834c946076a705df60f56bf9c03c9dc45bc61dad68164f7ead6c659cd5d73c96deb526212ae0000aef0d7536e5b720b768ee8c5d874241da3ce02fbea468a0

memory/3228-1266-0x0000029434530000-0x0000029436E8A000-memory.dmp

memory/3228-1293-0x00000294516D0000-0x000002945194E000-memory.dmp

memory/3228-1294-0x0000029451950000-0x0000029451AB0000-memory.dmp

memory/3228-1295-0x0000029451450000-0x00000294514B8000-memory.dmp

memory/3228-1296-0x00000294372C0000-0x00000294372FE000-memory.dmp

memory/3228-1297-0x0000029437280000-0x0000029437298000-memory.dmp

memory/3228-1299-0x0000029438BF0000-0x0000029438C1A000-memory.dmp

memory/3228-1298-0x0000029437270000-0x000002943727E000-memory.dmp

memory/3228-1300-0x00000294514C0000-0x00000294514F4000-memory.dmp

memory/3228-1301-0x0000029451AB0000-0x0000029451BBC000-memory.dmp

memory/3228-1304-0x0000029452070000-0x00000294523BA000-memory.dmp

memory/3228-1303-0x0000029451BC0000-0x0000029451D20000-memory.dmp

memory/3228-1305-0x0000029451590000-0x0000029451620000-memory.dmp

memory/3228-1306-0x0000029451620000-0x000002945167E000-memory.dmp

memory/3228-1307-0x0000029451F20000-0x0000029451F9E000-memory.dmp

memory/3228-1308-0x00000294524B0000-0x0000029452522000-memory.dmp

memory/3228-1311-0x00000294525A0000-0x0000029452616000-memory.dmp

memory/3228-1314-0x00000294527E0000-0x0000029452856000-memory.dmp

memory/3228-1315-0x0000029451570000-0x000002945157A000-memory.dmp

memory/3228-1316-0x0000029451580000-0x000002945158A000-memory.dmp

memory/3228-1317-0x0000029452040000-0x0000029452048000-memory.dmp

memory/3228-1318-0x0000029452760000-0x00000294527BA000-memory.dmp

memory/3228-1320-0x0000029451680000-0x0000029451688000-memory.dmp

memory/3228-1319-0x0000029452010000-0x0000029452036000-memory.dmp

memory/3228-1322-0x00000294516B0000-0x00000294516C4000-memory.dmp

memory/3228-1323-0x00000294516A0000-0x00000294516A8000-memory.dmp

memory/3228-1325-0x0000029451690000-0x000002945169C000-memory.dmp

memory/3228-1327-0x0000029452050000-0x000002945205A000-memory.dmp

memory/3228-1328-0x0000029452860000-0x000002945289C000-memory.dmp

memory/3228-1330-0x0000029452550000-0x0000029452562000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Misc\Sentry\FD5F450BADA113E3C36A62B1C198B2CC99EDCACD\1714766018_1296__45653674.envelope

MD5 468a4ee8bfd10cf9a9f513d8533f131d
SHA1 52e21edf89fe82272885f847fbf40208b129572d
SHA256 da11b086a0e323eebed7fb02a6e5bc80e3a439a19814cf55bd54582b122670cf
SHA512 2893cc7d13943d7e4f3b1a5d5b26ae847c11ffeb807c61b68275930a7ab2be21007dcd44da4dacafa94beba1960395febc4e4a65c2ba2076043f0eef375db691

memory/3228-1336-0x0000029452570000-0x000002945258E000-memory.dmp

memory/3228-1338-0x00000294529A0000-0x00000294529F0000-memory.dmp

memory/3228-1337-0x00000294528E0000-0x0000029452908000-memory.dmp

memory/3228-1339-0x0000029452B00000-0x0000029452C0A000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Mailbird.config

MD5 ace75dc8af45d719cd180a8a4e5209b1
SHA1 985e61564e319bfdb131e6a9ce9085dc5e2e6782
SHA256 a296fb6bebd2da6a0d6afb65dba2158d5359fe32b2533dd8b14bae8d01eb3de0
SHA512 3c4d96e87b826b1e147e460fcfb8f2135a512cc421789d8cba44c3a70d2ba4901f44c26d4a7e9ebe28e7c8cb621922c1d704a070fae4a1751a3ac4973c37185c

memory/3228-1342-0x0000029452060000-0x000002945206A000-memory.dmp

memory/3228-1345-0x0000029452CC0000-0x0000029452D70000-memory.dmp

memory/3228-1348-0x0000029452910000-0x0000029452932000-memory.dmp

memory/3228-1350-0x0000029452530000-0x000002945253E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 850f27f857369bf7fe83c613d2ec35cb
SHA1 7677a061c6fd2a030b44841bfb32da0abc1dbefb
SHA256 a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
SHA512 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 62c02dda2bf22d702a9b3a1c547c5f6a
SHA1 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
SHA256 cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
SHA512 a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d578dfe5d855013c41ff08750a84c58
SHA1 ee82505d9b49782baa49479a2d168b72bca0c910
SHA256 c13ca5465e3f041bcec281dc941f3340333e2d31d77bfd1b6c711814c116f28f
SHA512 9446dacac5bcb89f89e27c0870eec05e9dc8fb3201f1b5b05086eb8901ec11629910aae7850a02f13e339d8232e5e1942c1072377ba5cbd834ba70be3922ca2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b20b5ea03e10632b4ee2bb4666a98fdc
SHA1 769c6770456f0124171b6c9088aa7e35aa1a7f79
SHA256 315359e6108ae1cee66b10591b9024c5350ddd8349f1651222cb93a716dbf2ea
SHA512 5aa39c4a923c416d47a21eb3db769fe2fa618c16710a317d3708ae1251a2afa1157b0831abfbcca7f52413e11f4e1846dc52f07afd368f8284b4fae16eb5cca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 8d63e5128e76248bcdcf190fb3ba428d
SHA1 b2ef9d7d400d006f3e726daf7c30eb2f76030fa4
SHA256 e6c17125d778eda3b255fb7f25dfb76f63effe7682dd64d7d18f66631a3d5d44
SHA512 ba2003b93e02c0f6072d4f9ea33ba27bad31e3683e1149570ac07042f544e4bf7279731384c4a2872ccf69d20fa93bd4c5cbfc8805ea26d52595227027b4ac24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27389edcd135c48ef7c1b62d62750d67
SHA1 0d5ff5fb84cff8f5cd3f9e65119fda85e6f0e6be
SHA256 cb6eafd70f73866b541ad4924f7192a5cde0f7f1129af1bb1c28b33a7356b1d5
SHA512 b38418ee981b986fb38d1b84eb30e5b64d2c37c07508381f8bfe63bc78629a3a04a48f3fb936c5b0183b2b3dd4d4b218fc87180dc2887693a74d39134f50ca6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e9c8f253aec738c186a0ba7e0b7cfe0
SHA1 b0de7b5cba6318ec755be317e0deda9d60ac8266
SHA256 29b87cb10e07ce9a1bab9b40512610da39c7752630119204e360d03f5d07a9e6
SHA512 6f27cd0ceef205d5da0a977e50bd9aeae9a416b452da69104c02d651b3337ea5607870d708ff4ed3cad2c6bcf6b53302bcc72318b672afbf0f6ce1217f0630e9

memory/3228-1448-0x00000294539A0000-0x00000294539BE000-memory.dmp

memory/3228-1450-0x0000029453930000-0x0000029453948000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Misc\Sentry\FD5F450BADA113E3C36A62B1C198B2CC99EDCACD\1714766034_-454__45653674.envelope

MD5 5d4d42fbcffff3a24d4c52a958fc9545
SHA1 9095ac33d8535d69039f3399ee35bdb1e917cfbf
SHA256 04adf35620706f7fc7ca6d28e17557c278185a70c993b036d7a89f7bd8b2f565
SHA512 4a885e88a353834c8f44c9e5da22f36e5b85f51c6315747c913a013ed0e06653470904f141a03f8e5075c6fe29dde1988072a3d38c4158818de03cf2a2bff153

memory/4504-1468-0x0000020F496F0000-0x0000020F49740000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Misc\Sentry\FD5F450BADA113E3C36A62B1C198B2CC99EDCACD\__processing\1714766034_3852__41149443.envelope

MD5 7f51c1f7f444f46fc1576d64c17fbd9c
SHA1 d7bd30b7099c6ab46d450cbd9e79a68c302f9cf7
SHA256 515ae5045aa7d5216f75499b7d356731a50284866f5ad0803d281acc86849db1
SHA512 fc1d1745e744b88bf3beaa83dea1eaf5b3740c7899bb0d180565c02091d2397c58be5053e5eb7bf2311ad73e7feadb7ad45b00fdb45d1b12158b22b0aae3297d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 360f49bc7c554c78ddeb4b344fc2a32e
SHA1 9d5709d521df4d125f47de3c13c2f70df6c4a271
SHA256 8fc1a5b5a4cff059058e4536b963f712257b7c1e120149ef6dce754aafa284a9
SHA512 34ee648eb751ab55296ee443c81bfab7c1341f5b0dd891dd7d6e013f7f166716f1dde2f500929053c92cadb51ec1264d756710bdff16a0b1f1999b0882d84f09

memory/4504-1488-0x0000020F49B90000-0x0000020F49BD6000-memory.dmp

memory/4504-1489-0x0000020F48CB0000-0x0000020F48CB8000-memory.dmp

memory/4504-1490-0x0000020F49CA0000-0x0000020F49D5A000-memory.dmp

memory/4504-1491-0x0000020F49320000-0x0000020F49328000-memory.dmp

memory/4504-1492-0x0000020F49B60000-0x0000020F49B7C000-memory.dmp

memory/4504-1494-0x0000020F49C10000-0x0000020F49C22000-memory.dmp

memory/4504-1495-0x0000020F49C60000-0x0000020F49C88000-memory.dmp

memory/4504-1496-0x0000020F49DA0000-0x0000020F49DE0000-memory.dmp

memory/4504-1497-0x0000020F49DE0000-0x0000020F49E04000-memory.dmp

memory/4504-1498-0x0000020F49B50000-0x0000020F49B58000-memory.dmp

memory/4504-1499-0x0000020F4B000000-0x0000020F4B038000-memory.dmp

memory/4504-1500-0x0000020F49C90000-0x0000020F49C9E000-memory.dmp

memory/4504-1501-0x0000020F4B040000-0x0000020F4B062000-memory.dmp

memory/4504-1502-0x0000020F4A790000-0x0000020F4A7A0000-memory.dmp

memory/4504-1503-0x0000020F4B190000-0x0000020F4B2A4000-memory.dmp

memory/4504-1504-0x0000020F4B2B0000-0x0000020F4B466000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Misc\CefCache\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/5532-1510-0x000001EF3E3C0000-0x000001EF3E3C6000-memory.dmp

memory/5532-1511-0x000001EF588C0000-0x000001EF589DF000-memory.dmp

memory/4504-1514-0x0000020F4A640000-0x0000020F4A64A000-memory.dmp

memory/4504-1513-0x0000020F4A610000-0x0000020F4A62A000-memory.dmp

memory/4504-1517-0x0000020F4A6D0000-0x0000020F4A750000-memory.dmp

memory/4504-1518-0x0000020F4D300000-0x0000020F4D34A000-memory.dmp

memory/4504-1519-0x0000020F4D460000-0x0000020F4D564000-memory.dmp

memory/4504-1520-0x0000020F4A600000-0x0000020F4A60E000-memory.dmp

memory/4504-1521-0x0000020F4A690000-0x0000020F4A6C4000-memory.dmp

memory/4504-1516-0x0000020F4A5F0000-0x0000020F4A600000-memory.dmp

memory/4504-1512-0x0000020F4A5E0000-0x0000020F4A5EC000-memory.dmp

memory/4504-1527-0x0000020F4D400000-0x0000020F4D424000-memory.dmp

memory/4504-1530-0x0000020F4D430000-0x0000020F4D444000-memory.dmp

memory/4504-1529-0x0000020F4D370000-0x0000020F4D37C000-memory.dmp

memory/4504-1528-0x0000020F4A750000-0x0000020F4A75A000-memory.dmp

memory/5532-1531-0x000001EF5A120000-0x000001EF5A39E000-memory.dmp

memory/4504-1525-0x0000020F4CD20000-0x0000020F4CD46000-memory.dmp

memory/4504-1524-0x0000020F4D390000-0x0000020F4D3CA000-memory.dmp

memory/4504-1547-0x0000020F4A630000-0x0000020F4A638000-memory.dmp

memory/4504-1548-0x0000020F4E260000-0x0000020F4E2E0000-memory.dmp

memory/4504-1551-0x0000020F50C40000-0x0000020F5359A000-memory.dmp

memory/4504-1552-0x0000020F4E400000-0x0000020F4E516000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6aa1a9fc94c98718.customDestinations-ms

MD5 c92002040d3137ea6fb3d0187b681705
SHA1 20ebee7964f9bae5a36399433824efc3c8030c5b
SHA256 bef470645222307b907316ae230354412d61815487a439a5e73e2fd9af4483e8
SHA512 ab0681e1aab11c80b7a51712d65631fa92569dc96447e55c14895f08a1584c49cdffbc4818e2576e58f406fc92ba9e13c533c80e84b77a8ad400973cc31d6ca4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6aa1a9fc94c98718.customDestinations-ms

MD5 e4a1661c2c886ebb688dec494532431c
SHA1 a2ae2a7db83b33dc95396607258f553114c9183c
SHA256 b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5
SHA512 efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

memory/4504-1566-0x0000020F4D450000-0x0000020F4D458000-memory.dmp

memory/4504-1569-0x0000020F4E570000-0x0000020F4E5B4000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Mailbird.config

MD5 f90aeef9eccc618d3c2589ccc9a7a698
SHA1 6c5cfcbec6b1a13dba6d00191df37733c035a8fd
SHA256 2dcdad368c6cee205d4709307a5b4078bb4b3a8cc2cc9cea1543ca455a95ec01
SHA512 e90cb20fe4302f67cb879daa3195a6a986dc131e7297dffb1a3972adcf113fb365e261eb043e54319d0339d089cb5839683ecd977a7fe014175f342ddc0d0a96

memory/4504-1579-0x0000020F50B70000-0x0000020F50D32000-memory.dmp

memory/4504-1580-0x0000020F51270000-0x0000020F51798000-memory.dmp

C:\Users\Admin\AppData\Local\Mailbird\Store\Store.db

MD5 2dc421043d7140e3ba73801f12f0ccec
SHA1 d3bf0c8553b957736e04fc36227b99ee4f9660c1
SHA256 41caaf22954f08dcaeb0cfc43cf81e98f6449899c58d3fea2ea81a07dab4def5
SHA512 641ed83374e14402b9889ab12b5647a508b5393541ed2a6eae07d07ffcda2184984836219a2eb2727ff20026526ae71caaf88ce09db445b5417d3e6a1e053910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c977027dac3a4c97b3f53285db079d3c
SHA1 92211bcc39be58ecaf9cda7760b95ba2db0702ec
SHA256 8886529a778bcee2d9d1e471c8bd9ad4cdbcf82b3317cb3c0e3e7e722e0bc3fa
SHA512 6832227bdbb0185be9dbfb66333b28a9aba367c5a59502bf98efd3468d1d56b4b3942950af0ede19033bf748f961f553daf1e253e2baa8254c8c042f35d71dd7

memory/1016-1602-0x00000244EA910000-0x00000244EAB8E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b07ce5b35841a8a08633209f77cf3b2
SHA1 9d6b7d41f7df2fc3eb586b31f6fe21d392321bfb
SHA256 21765ed13fa8facbcbef045a6ddb1bbf99eeb842d580e196ab3b676cbc73d436
SHA512 b79f8fc4018f0e49ffab2e52748f781e3286a83073a297226dcd413f8fd37c80477f6773dce2547eca85de93c15f032dd48e6386bee7ea2c18bc682dfee1ef05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0cfd.TMP

MD5 a36ec78eb05c2ad9d0c225496a8bf644
SHA1 8c0f7daa430937915923ce5f11b2f2d9d9da9fb4
SHA256 ab425e3f90e38cc3a7f4ad7a17b3d33a2f309b2b399aa6ac5ad3d82dc33ccfdf
SHA512 493cfde4e42c194186d26189e3ba41543fffbb12651674d273097371f450e0b7ddde4e254bad000874e1e9fc747d5638a99732cdd719a3af982eb60e5215d1eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e81dd80b9d7ded8fec7a50a027e1b5a
SHA1 5fd2f5e9734636c9e212df3ca3b423a2c6e3ce71
SHA256 62506a77775a69583bfa49699fd3ff6745d57d6eabfa91ea1ec1457b9d05263b
SHA512 0ee1321bc0e2551e81abf0cc788024403411f82a345cfee86313393d1582ed2be8106c325068b4785c8a476cd7f6207da97d67cdea2b62ea5ae16818e6c0610e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b808547bc2b801213d4b523a68abeca2
SHA1 22e4283c8fbb09a85d41eabb854a43f91bd11329
SHA256 c8889e4a95da5d31120397362b69a89545484dc57a1ecd95399a213dc7070f94
SHA512 3f0b14f1b58fce9ad51e96e274a76bb1441cc716b2e6e684e5a518b2f57222bebb1b492269592d915788726c9d73abd416d2bb11b2855625f1c37f10973d44c2

C:\Users\Admin\AppData\Local\Mailbird\Mailbird.config

MD5 d04daa773781f63a476b8a3b5c349c88
SHA1 c07aa87384d741b4300ee061f29fcc49de7cd95b
SHA256 806e8a5968fe1efb12c3a7d87209021d5441d1bb77e3073a78836e4cf272ca9d
SHA512 d5d7bea5cff61c26cd72287bd3eb2c19289b3ee484cdee5e83eb1e63d20a9f548dc9d508aec4dbf733d73a9779663eea4f3e7c7074cea231b86f6c667f0fab25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9cc6da573b70393358f4dbb80155353c
SHA1 120a3567357f12cb4d4316195d53279480450fd3
SHA256 8ec647d75938d0c174c1bf883762c92090edb905bff511de7d17fecf73959ddf
SHA512 3876621572864acf900faf81ddd84f7e8b1fb40055bf4fdef416ea153107c78a98bed1cbcdb53eb5b74469598dcbbfb86fe500a8310ee52e35376973b92f0db7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b73735272e40af2fa78aa9342678c92c
SHA1 9169120d7ee41fd34078eccebffa7ae670b4e55e
SHA256 5ccab611706b38f20d1140315d711579371b802c25a6ccef561e4809867c64b7
SHA512 b4eb3570eee90e477d97f94cffc2c4677e395aaea8f1304dd7bde369e7ddda08e207a197f535b72d0449ddb52bdcc5e52926dc53dc17ec44f995da82dfca74e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38f159718028aec7fd18af9f71267c33
SHA1 25da955586bf335817ec94e4aa637427d3584aaa
SHA256 88614a94cbe93d654fa9e89d4eec6235b90f0ee4d7eff0c4df52d59b3b6c4918
SHA512 a62f2e07ef74cf0869b11ec96ca5e8b0f7867ae89cf0fc52549257420fbf4e594cc28ce47ebd53d52b53e5611b08eacab611d913074cb82fb7928cfa9eca71b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7037cfada4c6d631cb2ff3257f789bb
SHA1 0b58d5787251bf7ceb4f60b58402fe7a6c470d59
SHA256 a1f22e1f55b6b56a19eb590b6aa66bfe9c4a0ea7bef1583cc0d74023c3476736
SHA512 fe5dc4f18d2dadee4bad166367bb2b717d46e2a74da4b4c5cf74b3a7decb899a8ee9bfd474937c53df08e5d901a53b61011fccb9ba3fea5202a0178b3d55233b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fbe3afcf0637bb9baed3d9489e959a80
SHA1 62b8ba98b1b83a8da50ed5ac2bae99726d32c512
SHA256 d8a318ef6aa0ca9b52d6e91ea91537b11d806e83475db8ad9ba4e0dfd761f3fc
SHA512 1a34187cf8b2374ceec01b757ce1936a7bb9faee1bc2986949fc97605c24657f90ce4b8882a7110ed9246efa08acc8be279b890a5f804815ce0da31524bc00da

C:\Users\Admin\AppData\Local\Mailbird\Misc\CefCache\LocalPrefs.json

MD5 a17de958a0ff74b2562f285a941fd907
SHA1 5d28df3b413088c88067d43b603e46dfbdb034e4
SHA256 e3509b5b8f39d6822486cb998a6f22a504d6b193e7f60cb01607952d5b50103c
SHA512 711528cef25755b899de7ffcc5e84d55f50c0d11c4ca680a33771f0023d5bf255c2bfb3c72925eb5bd3911799d931260870e5bfdceeba38ce0861787e9c563db

C:\Users\Admin\AppData\Local\Mailbird\Misc\CefCache\LocalPrefs.json~RFe5bde27.TMP

MD5 0f05a1bf0770fe7aa9bca94d1ebb2da4
SHA1 0779bbf8b48f6bbb7f75ac6849edeae8d573c75f
SHA256 605f54296c1514ab8a784ab3ea197390e65cc670686efb5a5285d4fb22838725
SHA512 f5b88f0182458e591fe56fa9d2d18c79107e0c20a466c3f1c984113947f3b0a63043402a7646a912f8102fc8dd38bd02df3fc63cab6c1d9cfdbb1c352d5f1b58

C:\Users\Admin\AppData\Local\Mailbird\Store\Store.db-wal

MD5 350d61af2fe11a53df57979a2381596e
SHA1 3e30ef84ea521d7a5c53cfe92a9b17740d2f48b1
SHA256 b4a25e960c768b5347b69852998d4dc94797de54bfc3ec26e61bc4a73fefc463
SHA512 13c47a1be72a6c19027d0d9b35fa87bb348b0c6d9c487be704dd081921d20fe283b15c425814943887d21cfe34c33e3b135edcd2066bb06f836ba7f9e32ce25c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ed45de6ab6bedb88fb0b37c6ab5ed40
SHA1 d5145b18854744559352c9af28d70c57f67dcfb8
SHA256 a313a130e57ca169a01d50ed9236736d47b531fdedb003bc4adf051de0581a48
SHA512 44cd2c5018433b1fe9260beb55fdc99670f32c20756efb89ba60d3ea017d43cd654e33917febff553031d94aba60fb608b0161f0cb275855588e53f30a8a95e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/4504-1798-0x0000020F4C8C0000-0x0000020F4C8EE000-memory.dmp

memory/4504-1808-0x0000020F4C970000-0x0000020F4C99E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ff38ee3f8346e7baabc0e00afc0552e
SHA1 94a258084c363c02b560a91bb31e91e2d78025be
SHA256 7de54c60f70a60dec819d895cd168f2b77f7b4f2f2f43642a92cc728e46eff64
SHA512 0a8403f345db8d5ed9161c39926a9cf8c3098a6c2f36edd0d95654a5e337ce427f5cf954c4b86137b9f9d1d9750e6dd34a119c0510ee8c75ad4e5b1f618e7499

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4d4f2c5df0dc093ef50fb3734f7b3670
SHA1 3606046e0a8e901c755bba90e58962e064ded180
SHA256 b445c339540aee591215291e8459c3123e5329854a10c7eaa84923aa050e26f3
SHA512 1539467acf3c3a9d21e5c1cb8ca120fffca287dd63e010089964f6995b18d13198cbcb79502f3555350602efb7e868401f9bdd9d71b0b2cd4fa51bcf5a86a3e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56f390d2e7bbdf6f392a827537d72c55
SHA1 285bc4cc6bded8307c7b5a703e4b396fc2d9a4c7
SHA256 e43620f70b2bd9a0e8007b1e2f0ca6c4082f0963748b582607087afe1e6367d8
SHA512 bc79fb1b3231d8f29596b46ec1d6accaf6a1e0a4900a74f29c4e738d1dbbc96464b405840aba19e4c7c292ceeb0cebbcfd12df32b8bcbf36e308af699e4018e9

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping4504_1682540992\manifest.json

MD5 2648d437c53db54b3ebd00e64852687e
SHA1 66cfe157f4c8e17bfda15325abfef40ec6d49608
SHA256 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA512 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8cd36253248641ed470fe8e4b8731c37
SHA1 53c162c8468b3d62cba905dc4fee879f45a3e438
SHA256 e84f615654d7f1e974d43a471ee23bfcb75cc65806e8102c3c33699cf41d32eb