Analysis Overview
SHA256
7d35208b00c592d483ac98bed41448ef816aac6e20df697b7fb84cc224a086c6
Threat Level: Likely malicious
The file file01.js was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Looks up external IP address via web service
Enumerates connected drives
Drops file in System32 directory
Resource Forking
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Enumerates kernel/hardware configuration
Reads runtime system information
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Modifies registry class
Opens file in notepad (likely ransom note)
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 18:45
Signatures
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
android-33-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 216.58.212.196:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:59
Platform
debian12-armhf-20240221-en
Max time network
806s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-0 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-0 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-0 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-0 | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:59
Platform
win10v2004-20240508-en
Max time kernel
667s
Max time network
676s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file01.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
debian12-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 19:00
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
821s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/usr/bin/node
[node /tmp/file01.js]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 195.181.164.20:443 | tcp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | extensions.gnome.org | udp |
| US | 1.1.1.1:53 | extensions.gnome.org | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 19:00
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
823s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/system.slice/agent.service/memory.soft_limit_in_bytes | /usr/bin/node | N/A |
| File opened for reading | /sys/fs/cgroup/memory/system.slice/agent.service/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/cgroup | /usr/bin/node | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/node | N/A |
Processes
/usr/bin/node
[node /tmp/file01.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 19:00
Platform
ubuntu2204-amd64-20240611-en
Max time network
384s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.83:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.163:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | _http._tcp.laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| SE | 194.71.11.166:80 | laotzu.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| SE | 194.71.11.138:80 | saimei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.gemmei.ftp.acc.umu.se | udp |
| US | 1.1.1.1:53 | _http._tcp.gemmei.ftp.acc.umu.se | udp |
| US | 1.1.1.1:53 | gemmei.ftp.acc.umu.se | udp |
| US | 1.1.1.1:53 | gemmei.ftp.acc.umu.se | udp |
| SE | 194.71.11.137:80 | gemmei.ftp.acc.umu.se | tcp |
| SE | 194.71.11.137:80 | gemmei.ftp.acc.umu.se | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:50
Platform
win7-20240221-en
Max time kernel
184s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.bash\ = "bash_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.bash | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit | C:\Windows\system32\rundll32.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file01.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c19758,0x7fef6c19768,0x7fef6c19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1428 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3020 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3196 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2408 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2416 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4076 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\fun.bash
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bash
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bash
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | papermc.io | udp |
| US | 172.67.72.198:443 | papermc.io | tcp |
| US | 172.67.72.198:443 | papermc.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 172.67.72.198:443 | papermc.io | udp |
| US | 172.67.72.198:443 | papermc.io | udp |
| US | 8.8.8.8:53 | bstats.org | udp |
| US | 104.21.35.128:443 | bstats.org | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
Files
\??\pipe\crashpad_1748_LTQLHHSXHQLSWQKV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 921df38cecd4019512bbc90523bd5df5 |
| SHA1 | 5bf380ffb3a385b734b70486afcfc493462eceec |
| SHA256 | 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f |
| SHA512 | 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | f9aaad4ba56686b732f585534a79ba29 |
| SHA1 | d8f7c5244b305dab6e9a157a032e6c09cb599db8 |
| SHA256 | ad233529f61ef20e088a5f0068bea402097d028e06849c14468506aaa292d824 |
| SHA512 | 04101d276be1561515b76167f32df22f14976ec36ee485687f709e18f52aacde2c5508b1fb068b1e744b10b6192954942cfe0992df62ae1c4ba01da1d928eb3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | b609af4f8ac31c8ca07d489d909a6902 |
| SHA1 | 32450b199004e269a69fb211dff176cdd5170976 |
| SHA256 | f5ac7e1c949dee2187d2d94e8034da9727eefefbd3ad9839c70356c1f05fabf2 |
| SHA512 | 0717c49d0051e1a69f175fa95bfd7deb4b8071e11e9b8bef3199f7dbd2b126421c7975cbf54a7f0bacd10bf626a640991d03bcd166f9fa2ffd1b860007b53c38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57194779ca7b21a1da5202b8ac68e006 |
| SHA1 | 11d4dd69fa1650373c54984d758b74c1ae7d0947 |
| SHA256 | 5581815a95d1a7992ffeb56e82fb4926497d2e0a98aeef3de66d0b19f74ec384 |
| SHA512 | bd2779b12547deafc8356413347b49a8b71f748464cb040413bf29eb42676d94ea0172c59dbb8b2a42d0d4451f046fb40c98bdc632d4ae95d400287f5203e460 |
C:\Users\Admin\AppData\Local\Temp\Cab8FE3.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9112.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 660ce4a16acfd9300d7d90586907b91d |
| SHA1 | dc2213e37a480a8c328390ae7bf9c4e988f30693 |
| SHA256 | c22d29c44f1031f196777e7c57b5e08168507da9d140fc19268e2d10e2926e36 |
| SHA512 | 97318da2923df2aae809ca77e88ce65917b3a596602666df5a34fe77f5e3b4913b17a020b613c576f1f7fa02166e7e21f21d411aed5ca9b43217f7bede95378c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9855d678dd1fb5c7ff3b38bf84e99b5c |
| SHA1 | 1cb53c7b0edce095380e9eadd20af245560855df |
| SHA256 | dfd09e94f97377df51751eb927cb42a145df1e52cbd0fcbbd0f23056d4523c20 |
| SHA512 | 79341d7e4c26f32fa09321ab8885ae255885f9f66d6784eaa24441040770528ffef0e2e30f70d03e4509ab85a7b112ae4cae4203a91dc078964713ac318f092a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 10ae043f674a7b29549fe2db9d79acf9 |
| SHA1 | a746bd5c28c958bad1668f82e9eba544920397fd |
| SHA256 | d4de60b0c228062f5013732ac47b31217edca12d7c51c9fd5b24fd4d6ed5e5df |
| SHA512 | 31be2e4834f372f8fcaf2a7fa91a25a11c5ccd7dff3cc9d64c24f0c3c9e784b02e723c38e466cad6f0a490983fa224ad319c3c212f77206dd934e6385048f02d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6d8d3b6388f7afb3a5f1dc584a138f88 |
| SHA1 | 51c2f62b1e45f3904ba984c234be15d0172c93c2 |
| SHA256 | caf5ea6ce22fe095809890b0231bcf4b3e0b86783525038c55fdbe1646ebcd9c |
| SHA512 | 4c1310958676cfc973469b8215ea3df9303bae33a549d8225f7741ea0eac24d8b65c88ebb635fc0077185bfeadd88ef5e4c2093c6bc04244b8aa86d2cd7185bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\11d73317-28fa-45f0-a12b-a8639b5f6583.tmp
| MD5 | 5e40f06fecc929ba7f0fd9e002b9b99b |
| SHA1 | cd83374eaaac0ba012f86447de30719ad0f95567 |
| SHA256 | 588dcf5f9a46edb3d2e5976b79e053b0f56295b30dc9a206996ea4d6a1d5f2f1 |
| SHA512 | 43220600b4e448d1e0a25f341fc1b79d5332cf096a3da471c3a0b1e5a582e6a5db2149567e120e345a44606bf65fcb8edffeda4676b8a9d106359369f58ec56b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb6e767aa07aa394168c3ec65c9d3cb5 |
| SHA1 | 2538b1daf5ee99422d36c2497e5fa83ba0c05ff5 |
| SHA256 | 871a0b3c60b7a69fd5a90e8309d4baeebb410ab6b0ca69d84ea4a7d636f86989 |
| SHA512 | f042012a675bf8b4539b76598e3ffdf8fb5a524754e7a420059ea61719bbfdd3debe82ba839cd4e389719bc64c27da26a980ff1b7e8e3a1ed7130b4790d8f69c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea9b914f49635576fb96ee033057a508 |
| SHA1 | f401f51581c13b3e4d8be732dcd237055bec91e7 |
| SHA256 | 07dc8b7ae5e700e2e36299cba5a6eeffa1c53807701a30d7551d744e1a0d66a3 |
| SHA512 | e755d0dd029d43b71bed599232d3244387d908f1c79ee3106ebbe4138b6626e9377f1c2b404f0306db377780c9317dfda393bc87e7994dd74dea3357079132c1 |
memory/2432-493-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2432-492-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2432-494-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/2432-495-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\Desktop\fun.bash
| MD5 | 96db3a4107eb507ebb9ce86f1b172e2a |
| SHA1 | c1891a0edaa4de3c5d510afc9dfcf11561db3a5e |
| SHA256 | b0a6c77ad0b003d97234240bf05fb9cbd6fb393fdab5f185c68a2e9d6db72c4a |
| SHA512 | be903f0e4eeca27ac6906297a38de3a3316f738a23e27ea585a793bf24f4b6d9b4af32a5074338c07ef2231410843a3f779daee87e529548608f279917dc3335 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:59
Platform
win10-20240611-en
Max time kernel
315s
Max time network
621s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file01.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 19:34
Platform
macos-20240611-en
Max time kernel
1559s
Max time network
1548s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/file01.js"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/file01.js"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/file01.js]
/bin/zsh
[/bin/zsh -c /Users/run/file01.js]
/Users/run/file01.js
[/Users/run/file01.js]
/bin/sh
[sh /Users/run/file01.js]
/bin/bash
[sh /Users/run/file01.js]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.213:443 | tcp | |
| GB | 17.250.81.65:443 | tcp | |
| US | 8.8.8.8:53 | onedscolprdcus22.centralus.cloudapp.azure.com | udp |
| US | 52.182.143.215:443 | onedscolprdcus22.centralus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.59.171.27:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.77.118.129:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | gateway.fe2.apple-dns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| GB | 17.57.146.9:5223 | tcp | |
| US | 8.8.8.8:53 | 24-courier.push.apple.com | udp |
| GB | 17.57.146.150:5223 | 24-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a6ef4856e99c9d8e1d9bb762c5a8503a |
| SHA1 | 25d5405ad91791b716ae5a56b37aa2b393854967 |
| SHA256 | 232441aa129d4f21999860b8bf31db4b8617df9f7d32ef5f25a383edff82d9fa |
| SHA512 | 582fa1ea60766a5a4e99b295a8ed98c94f6bab45e42b7e8db61e9ad645f531891082cd457bfd11d660195af86f02c4ed93589e6e6daded683cff2d8319bbc489 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
| MD5 | 9a43af57707d2fb460832049d1f217d1 |
| SHA1 | 056d813f8cb5198ca82072f7e3484f38ea5267f8 |
| SHA256 | 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c |
| SHA512 | 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 0a500c9b15cf7c97673e05dafe644263 |
| SHA1 | 345f019a0eb9726c785081f185f404285b8b8175 |
| SHA256 | 1ffc756b41ba6718c330c46545cdbb8827f13b4dd6e069097f4d4853000babaf |
| SHA512 | b418220705e5df7683dedb19696cc71c8fdfd9e492cd4b6f11688f08b3c0627bc1358116b4c7bff373046fdbac73a94471b3dae3e1d022d8637f844845359c2c |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 2f01f7a00c85e424f82b00b2bf794a7c |
| SHA1 | c75cb52aa31012888dd7c65373d5faba6048c425 |
| SHA256 | 23d6746cb1c1906c9cfb5c69f7377f7cb68965ac0708ed1d600bfd3d3c34ce32 |
| SHA512 | 75131e0145182653cef2edbb968853c9cb3c26c37c5821f3cd69c3ecdde7979ae37e74ecea8ad333090a473177c6dad43bc34f94a8fd104cd4c9b16c8f7b54f8 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:59
Platform
win11-20240611-en
Max time kernel
794s
Max time network
798s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{FB0D94B3-7ECE-4A73-8C93-FE78ED994AF6}\.cr\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.com | N/A | N/A |
| N/A | whatismyip.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Feather Launcher\locales\en-GB.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\fa.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ml.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\libGLESv2.dll | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\bg.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ta.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\th.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\af.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\en-US.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\kn.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ko.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File opened for modification | C:\Program Files\Feather Launcher\resources | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\Uninstall Feather Launcher.exe | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\fil.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\it.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\hr.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\sw.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ca.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\fi.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\pt-BR.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\sr.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\he.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\nb.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\sl.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\resources\app.asar | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File opened for modification | C:\Program Files\Feather Launcher\resources\app.asar.unpacked | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File opened for modification | C:\Program Files\Feather Launcher\resources\app.asar.unpacked\native | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\de.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\mr.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\es-419.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\id.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ro.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\te.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\v8_context_snapshot.bin | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\vk_swiftshader_icd.json | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ms.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\LICENSES.chromium.html | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\cs.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\et.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\tr.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\ffmpeg.dll | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\vk_swiftshader.dll | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\gu.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\hi.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\nl.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\pl.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ru.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\d3dcompiler_47.dll | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\icudtl.dat | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\zh-CN.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\resources\elevate.exe | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\el.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ja.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\lt.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\sv.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\ur.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\zh-TW.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\resources\app-update.yml | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\chrome_100_percent.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\Feather Launcher.exe | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\resources.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File opened for modification | C:\Program Files\Feather Launcher\locales | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\bn.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\da.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AE043016-3897-41D4-870B-1DAEE62CF152} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF353F13E75C402D3A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF590CF4D64038EB33.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1D9D5A4E087FEAEB.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e600576.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF288715198318D7DE.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB31.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF94A2D1964AC32E60.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFE1FA974975E1C174.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI842.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{12A2980B-E47B-491B-92F5-0BC703841ED4} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF97D603850D3F1545.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e600575.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC4C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e60058b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFEBCF9FDE833C8AE8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e600563.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e600563.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e600576.msi | C:\Windows\system32\msiexec.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000753d210c0538cc610000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000753d210c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900753d210c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d753d210c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000753d210c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632107534820996" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.30.30708" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-423582142-4191893794-1888535462-1000\{6D0590AF-6632-4CA8-8B6B-48AE01271764} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14 | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{12A2980B-E47B-491B-92F5-0BC703841ED4}v14.30.30708\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\feathermc\ = "URL:feathermc" | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{12A2980B-E47B-491B-92F5-0BC703841ED4}v14.30.30708\\packages\\vcRuntimeAdditional_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\PackageName = "vc_runtimeMinimum_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.30.30708" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\DisplayName = "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649" | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\feathermc\shell\open\command\ = "\"C:\\Program Files\\Feather Launcher\\Feather Launcher.exe\" \"%1\"" | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\B0892A21B74EB194295FB07C3048E14D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Dependents | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\feathermc\shell | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30708" | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12 | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\feathermc | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0892A21B74EB194295FB07C3048E14D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\ = "{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}" | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\PackageCode = "F96055D82F2822E4CA2882E9779EF982" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{AE043016-3897-41D4-870B-1DAEE62CF152}v14.30.30708\\packages\\vcRuntimeMinimum_amd64\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Version = "14.30.30708.0" | C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\610340EA79834D1478B0D1EA6EC21F25\VC_Runtime_Minimum | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\PackageCode = "EC0A963907F595049ADA5482152F864A" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{AE043016-3897-41D4-870B-1DAEE62CF152}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12\Dependents\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12 | C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\610340EA79834D1478B0D1EA6EC21F25\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 308495.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\feather-launcher-updater\installer.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\feather-launcher-updater\installer.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\42.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file01.js
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.0.1431420651\2068120461" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {096d3ac5-ed4a-434c-8ad9-672910ff867e} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 1764 1867a323a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.1.154924569\1014276393" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3acdb2b-09e0-40bf-97bb-874e1f5d9620} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 2404 1866d689658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.2.1868953846\178419592" -childID 1 -isForBrowser -prefsHandle 2588 -prefMapHandle 2772 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {658f3771-959f-4129-a564-0d557071dd6a} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 2976 1867d215558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.3.1175796407\464443186" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8f57536-cfd0-490a-a383-0ca38123acdf} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 3572 1867fbebb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.4.848490323\377978543" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25469574-2d2d-467c-8347-181f3a3b4b56} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 5188 186818ea558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.5.522914008\1327535703" -childID 4 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be2dc19a-0039-42cf-b289-c38051de67fc} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 5320 18682a5d458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.6.1700545798\2101714791" -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5528 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66a561b7-f091-477d-8b93-e3cd07f6884c} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 5524 18682a5f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3132.7.169551732\1912304586" -childID 6 -isForBrowser -prefsHandle 5848 -prefMapHandle 5868 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e00f83-7e14-4a88-9c7f-18ea6400f8b3} 3132 "\\.\pipe\gecko-crash-server-pipe.3132" 5860 18682667b58 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff297e3cb8,0x7fff297e3cc8,0x7fff297e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4660 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 /prefetch:8
C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe
"C:\Users\Admin\Downloads\Feather Launcher Setup 1.6.1.exe"
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe" /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{837870FB-BEF4-4940-BF5C-6EFBFCE5EE30} {C46622B3-C214-4E9B-A187-CC1D891C6A14} 1608
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\VC_redist.x64.exe" /quiet /norestart
C:\Windows\Temp\{FB0D94B3-7ECE-4A73-8C93-FE78ED994AF6}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{FB0D94B3-7ECE-4A73-8C93-FE78ED994AF6}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\VC_redist.x64.exe" -burn.filehandle.attached=632 -burn.filehandle.self=640 /quiet /norestart
C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{407AB248-6D75-4621-AB0B-045152A2EAC6} {0C81AFC0-AFEC-455A-A921-01F8A647A1BD} 3076
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=952 -burn.embedded BurnPipe.{A1844AC2-02A8-4830-99CE-2AE169CB1291} {6A0FE22D-CFDB-43AE-9AC5-8F93BDF3B92D} 2208
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=604 -burn.filehandle.self=620 -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=952 -burn.embedded BurnPipe.{A1844AC2-02A8-4830-99CE-2AE169CB1291} {6A0FE22D-CFDB-43AE-9AC5-8F93BDF3B92D} 2208
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{58FB01EA-BF4C-46E7-94E4-8938CE0041F1} {3793CBC5-E8BA-4157-A295-A9D7B270200D} 2540
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1688,i,463037334992111425,17606824007911157659,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=2012 --field-trial-handle=1688,i,463037334992111425,17606824007911157659,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1688,i,463037334992111425,17606824007911157659,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --enable-sandbox --disable-blink-features=GetDisplayMedia --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3388 --field-trial-handle=1688,i,463037334992111425,17606824007911157659,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,17445106611589885661,10853087969552128012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2909ab58,0x7fff2909ab68,0x7fff2909ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4532 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1852,i,16421993689947539631,12641522333052852451,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.22:443 | tcp | |
| N/A | 127.0.0.1:49734 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 52.33.96.36:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:49740 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | reviewed.app | udp |
| US | 172.66.40.124:443 | reviewed.app | tcp |
| US | 172.66.40.124:443 | reviewed.app | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 124.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.246.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 104.27.207.92:443 | www.whatismyip.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 104.27.207.92:443 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | api.whatismyip.com | udp |
| US | 8.8.8.8:53 | global.proper.io | udp |
| US | 34.117.39.86:443 | api.whatismyip.com | tcp |
| US | 18.245.175.113:443 | global.proper.io | tcp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| US | 8.8.8.8:53 | cf.whatismyip.com | udp |
| FR | 52.222.201.10:443 | live.primis.tech | tcp |
| US | 104.27.206.92:443 | cf.whatismyip.com | tcp |
| US | 8.8.8.8:53 | 113.175.245.18.in-addr.arpa | udp |
| FR | 52.222.201.51:80 | live.primis.tech | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 18.245.175.113:443 | global.proper.io | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | 10.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.206.27.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.166.233.64.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | abcheck.proper.io | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| FR | 18.244.28.23:443 | abcheck.proper.io | tcp |
| FR | 18.244.28.23:443 | abcheck.proper.io | tcp |
| US | 8.8.8.8:53 | static.vidazoo.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 23.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 104.18.33.178:443 | static.vidazoo.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | video.primis.tech | udp |
| FR | 18.164.52.38:443 | video.primis.tech | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 34.117.39.86:443 | api.whatismyip.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| FR | 18.244.28.120:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 178.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | rtb.primis.tech | udp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 191.101.209.39:80 | tcp | |
| GB | 191.101.209.39:80 | tcp | |
| GB | 191.101.209.39:80 | tcp | |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | feathermc.com | udp |
| US | 104.26.11.70:443 | feathermc.com | tcp |
| US | 104.26.11.70:443 | feathermc.com | tcp |
| US | 104.26.11.70:443 | feathermc.com | tcp |
| US | 8.8.8.8:53 | fonts.bunny.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | images.feathercdn.net | udp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.67.133.54:443 | images.feathercdn.net | tcp |
| US | 172.67.133.54:443 | images.feathercdn.net | tcp |
| US | 172.67.133.54:443 | images.feathercdn.net | tcp |
| US | 172.67.133.54:443 | images.feathercdn.net | tcp |
| US | 172.67.133.54:443 | images.feathercdn.net | tcp |
| US | 8.8.8.8:53 | 70.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.133.67.172.in-addr.arpa | udp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 104.26.11.70:443 | feathermc.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.26.10.70:443 | feathermc.com | tcp |
| US | 8.8.8.8:53 | 70.10.26.104.in-addr.arpa | udp |
| US | 104.26.10.70:443 | feathermc.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 104.21.5.84:443 | launcher.feathercdn.net | tcp |
| US | 8.8.8.8:53 | 84.5.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sharpness.gg | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| AQ | 31.25.11.56:25565 | play.pvplegacy.net | tcp |
| US | 8.8.8.8:53 | proxy.minestar.pl | udp |
| US | 23.230.3.79:25565 | sharpness.gg | tcp |
| US | 8.8.8.8:53 | play.jackpotmc.com | udp |
| US | 8.8.8.8:53 | leonemc.net | udp |
| US | 8.8.8.8:53 | na.stray.gg | udp |
| US | 23.139.82.131:25565 | play.jackpotmc.com | tcp |
| PL | 51.83.225.30:25110 | proxy.minestar.pl | tcp |
| US | 8.8.8.8:53 | mc.roleplayhub.net | udp |
| AQ | 31.25.11.117:25565 | na.stray.gg | tcp |
| US | 8.8.8.8:53 | fc.twerion.net | udp |
| US | 45.59.171.244:25565 | leonemc.net | tcp |
| US | 45.59.171.198:25565 | mc.roleplayhub.net | tcp |
| US | 8.8.8.8:53 | feather.zedarmc.com | udp |
| US | 8.8.8.8:53 | firevanilla.net | udp |
| DE | 89.33.12.24:25565 | fc.twerion.net | tcp |
| US | 8.8.8.8:53 | feather.blossomcraft.org | udp |
| BE | 163.5.76.7:25565 | firevanilla.net | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 8.8.8.8:53 | eu1.monkeyhost.co | udp |
| DE | 51.77.68.8:27021 | eu1.monkeyhost.co | tcp |
| US | 172.65.189.179:25565 | scufflemc.minehut.gg | tcp |
| US | 104.247.112.161:25565 | feather.blossomcraft.org | tcp |
| US | 8.8.8.8:53 | 79.3.230.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.82.139.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.11.25.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.171.59.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.3.143.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.171.59.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.225.83.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.12.33.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.76.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.112.247.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.189.65.172.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 152.199.21.175:443 | tcp | |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 152.199.21.175:443 | tcp | |
| US | 152.199.21.175:443 | tcp | |
| US | 152.199.21.175:443 | tcp | |
| US | 13.89.178.27:443 | tcp | |
| US | 13.89.178.27:443 | tcp | |
| US | 13.89.178.27:443 | tcp | |
| US | 13.89.178.27:443 | tcp | |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 8.8.8.8:53 | na.stray.gg | udp |
| US | 23.230.3.79:25565 | sharpness.gg | tcp |
| PL | 51.83.225.30:25110 | proxy.minestar.pl | tcp |
| US | 23.139.82.131:25565 | play.jackpotmc.com | tcp |
| US | 45.59.171.244:25565 | leonemc.net | tcp |
| US | 8.8.8.8:53 | firevanilla.net | udp |
| AQ | 31.25.11.24:25565 | play.pvplegacy.net | tcp |
| US | 45.59.171.198:25565 | mc.roleplayhub.net | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| DE | 89.33.12.24:25565 | fc.twerion.net | tcp |
| BE | 163.5.76.5:25565 | firevanilla.net | tcp |
| US | 104.247.112.161:25565 | feather.blossomcraft.org | tcp |
| DE | 51.77.68.8:27021 | eu1.monkeyhost.co | tcp |
| AQ | 31.25.11.113:25565 | na.stray.gg | tcp |
| US | 172.65.189.179:25565 | scufflemc.minehut.gg | tcp |
| US | 8.8.8.8:53 | 113.11.25.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.76.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.11.25.31.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudmc.dev | udp |
| US | 199.36.158.100:443 | cloudmc.dev | tcp |
| US | 199.36.158.100:443 | cloudmc.dev | tcp |
| US | 199.36.158.100:443 | cloudmc.dev | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| FR | 92.122.166.120:443 | aefd.nelreports.net | tcp |
| FR | 92.122.166.120:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 120.166.122.92.in-addr.arpa | udp |
| FR | 92.122.166.120:443 | aefd.nelreports.net | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| FR | 92.122.166.115:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 115.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | fb0f9edc6b02195daf70622457acdb29 |
| SHA1 | 414bdd4e58cbc40071aa6aba4cd4e98e340f4419 |
| SHA256 | 5bb4851a9da20e1104b8742ce4725bea5a667cff4bf88fb45a92e6f7785b6710 |
| SHA512 | d900d66775843ceb9a0c51eab349c8e53e645b79b0a10012b7f3d666493f41cd6481bbe8cb1f45cfdfb5aa140179028ed016b6804d5a9995d3e6d1d683ebaded |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | ef00a32060152f9a9dcc946cff6b5fb4 |
| SHA1 | 047a809b3afc9c8893ef8014ca9b562c9def5625 |
| SHA256 | d9016a08b54a0f7940446f10394c60023e14b436eeb9f25d433fcdfb7bdb8a6a |
| SHA512 | c7783fd8155ab9320ac28a004e6857d207802052efdb0cb827d8712418b186d64749ba1f7d077522b9531d2479a93448ebbaa2f25d6d482a869bff33646cb500 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js
| MD5 | 781c51d1b6ff1caa184a02f240a8f4ed |
| SHA1 | 88fffe5e9c24a9e44363df13fe3247eb12bcd8cc |
| SHA256 | b8193bdcc3a111790d6a9c8a3230b818566e39d0d62e6498b2eb8c91dfb431cb |
| SHA512 | 5398c7fe0afc33c4cb25aaa388c937e15b61324201b98899bd372305cd19a6e47c211ed044489a73523f9604b2abab5327ab074103fa5da454af1e70a728696e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0428e1621fbf6361a905c7cfb5608ff3 |
| SHA1 | 3539ff82a2b920514fe1f0de78aba96a5a583911 |
| SHA256 | 87a0a119b3e06d396a88a85920be612ac91cad8c8245fad4bc5b2303c7af93c5 |
| SHA512 | 755930ea3fd5cf2ec79e596baaf3aa6e2a78392ad4f8a662f4c66d092517d09954997fc02448c34d9766c410e976ad4986fc56c17fb8354e8105b2cf93f023f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 79c34fc7da84a7de304874eb0791471a |
| SHA1 | b6aaefbff5bd762f314370ff639bd974d2daa069 |
| SHA256 | 3cd22f8466ce5bf3cbfb5aa082d492b9d2b02561b9fa6fa288c78ff6c02df885 |
| SHA512 | 59a0382ceaf75acd60ac202f9daeb253cbaf277d52f0ca542367d23e9d9c5ab09dad797b60cf44c9f2a08b808d28e693f26a61cfeb91342208472547e5609425 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js
| MD5 | 01fac6657716ce322038a0f4789febc4 |
| SHA1 | 97d473dacb05a8fc17c609ed0d79841d8e77fce9 |
| SHA256 | e15b3673070befeaa6d1a5ceefe1530da0a62c9ea9061fba626fa634036e09ed |
| SHA512 | 43bf62c87dbe87efc7d52a209e34ec280055e864bd9c6149b50130559faca0bedf89bd913bdb21804b480e0020d8d850ae9126bfaae11fa42d67b24c4de671d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore.jsonlz4
| MD5 | 7aa8f90713ede53ec018dda52eddad5b |
| SHA1 | 0097d0ccf3fb48848369d6457325c0aefb79eee9 |
| SHA256 | c23fa9324b6d0b0cecc14d2f0f0e3995325a8f18cecd00eb29f9e3ee068fcb3a |
| SHA512 | 8b0d6e05220332df70656a95265df8fe46436afd305ce72e3b7fab808553da4c855a9f62d7bb4b21a86c97fdff0f9921e105d3d55f828615aada733ff0d26a17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 68de3df9998ac29e64228cf1c32c9649 |
| SHA1 | be17a7ab177bef0f03c9d7bd2f25277d86e8fcee |
| SHA256 | 96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43 |
| SHA512 | 1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf |
\??\pipe\LOCAL\crashpad_2592_IZAUYOXLZHTOUTEK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f738fcca0370135adb459fac0d129b9 |
| SHA1 | 5af8b563ee883e0b27c1c312dc42245135f7d116 |
| SHA256 | 1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63 |
| SHA512 | 8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1f71d5b6bcd78f39531de1e0f8ec1a5b |
| SHA1 | 06882f594861b777729d062de6812cd873f27fae |
| SHA256 | 7c3a5f38b3939e5267ffca516d1096b6d3e3fb4c5edb8b176ac241d84ab6d715 |
| SHA512 | 1c7d518163e410bb2721534c9c07061577fc64bd014a97ea950d09f7cd2a2156c340ea6e3eca3dbed30432afd9217ebf545312edb82c75c71d369781686eb2aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 20fed5f75f4461a7fb89d55a26fb0fbf |
| SHA1 | 654c1022ff663383d4acdfdd7f06d57f859d4a84 |
| SHA256 | 11851434e202dfa42afebda18ec6870a2e95fb30f7b2604184f01a4d34389681 |
| SHA512 | 6013106568454a8bb71d489693446492a356d57751d7992a251102c85d1f73b272169eed7efaa3d1741969926e0a2ac10f491d8d44a6da95f2f29058ce54ef8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b1b3ee70402cfa45114523cb2c54b6b |
| SHA1 | 67c16a39dd5bfbf3d32d40fac2286d5ae97b2ba5 |
| SHA256 | f34c71debd99305b8d096932ff957eeca5dca0ad1750ae321275ec99949a429a |
| SHA512 | c4edc72bd14730f73e0f27ef8161aee71844537a1d61abc1e6b6c667ab35ef95b73f6b8fbbb7b7eadcdddd8cf06bb1df0b144595cded6e73bcaa729f04659a46 |
C:\Users\Admin\Downloads\42.zip
| MD5 | 1df9a18b18332f153918030b7b516615 |
| SHA1 | 6c42c62696616b72bbfc88a4be4ead57aa7bc503 |
| SHA256 | bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa |
| SHA512 | 6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80 |
C:\Users\Admin\Downloads\42.zip:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4fde04c87f3a800c4f2572d908623304 |
| SHA1 | 30ab3d2f2a4873ac1db41a4b36eeed55720e537c |
| SHA256 | 6ce387c03243dcb3f44ed2729f26fd9f25003b4fba38baaed4ba5ae198f92ad5 |
| SHA512 | e9f2ed0523da4dd03e761cf83976621d5911211e3369e2d66dcfa6ab582090629315082457877806c683d50ee36eb1281ab7ec1d6ee0d34faf1b0490e00c06c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cc7cc.TMP
| MD5 | 95a3048e94eb2ce3d0767e16d1bc7f3d |
| SHA1 | 71a57d84718ba613bb80652b5b643964d5143e59 |
| SHA256 | b295ced873ecf0c7301a20b25787d2b693215db9084a3dcf573e677f5d0a9155 |
| SHA512 | 11ce77c90e52a178da21e73fc9f0b219e9281560f151b9524a5b0de3bc191147deedd841ff84deddb9b234da015a3f708c0b79b4937e77caef8022a5f7b96bbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea2cdd1083960fd6fea6515b4439e985 |
| SHA1 | 6679423ab419bb7d9f7a47cfe7d0337811eab122 |
| SHA256 | 321adaffbd93a49ec17747edd25e7f0b78e6c9dba8e1f09532d4eb8ebea9d55e |
| SHA512 | 515f685d7182152666b02eb203a3dac8c94a81a7dedc9c373d3481c6beb4a3e452760e7a3d263c561b38e5945cf358354ebb7530705d794b2101167402b05d14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b8bdb2fb4114cd5c965c38db2b1849b1 |
| SHA1 | d46e9612b2b84e18ff11354296e0dae7d918f8ec |
| SHA256 | a7c49b198b6c1adf6c2baee9582e0fe043285e832d0b371a598acbba0a50dea1 |
| SHA512 | 2246ae9d99b228fa5275008ae2ba75a9acde16d412443f7ae5aae07e3a1f5eb3b86dce86406210298a156009f038317b2271dcbec18b0ce54c42b5ff036ffa8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b970ad3c1cacbb65c4257206434eb8d6 |
| SHA1 | 0df3bcd26859abc8a31957b9fb5de7cc6aeb9aae |
| SHA256 | d8774116d668b683f5a8b613cd238b1b3febf8875f6b469cd15863e244c663e8 |
| SHA512 | 2aba2cb98d37f3cc69b098c1ed4c487ab5f3056099df7128c13ffeb3d1e9e8c9abfaa9810439861d6715a903ecc5764283aafa8940c40476df1fdbbc664e0e85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bfe66948d1dd46bf6a27e59d7f38239 |
| SHA1 | 450b80a53ffa6cf5dc4e9f90ece3e51a79e2f945 |
| SHA256 | 43e007a92ba6bf5565e127b290e019232ebe1f4303a0ac417dfcdc0908273464 |
| SHA512 | e99721d750ac4985f14b247e8a770040e6269d9472f31e697d4f4684cb43cbc7e488624ac257357ce3910dd057c4768e6851a263c2569bc99dd023302f4fb1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79c5bfa7-e66e-47b9-a45c-4f9c6d104b0c.tmp
| MD5 | a715ec674321fb0083430f918194621a |
| SHA1 | 2450ec08b9796fffa1c3434ef71c7b88dc3313f4 |
| SHA256 | 5f0b5d442b816857db1b7e045225a6894c82b3c5dc6ac006ff070ea56ddbf00c |
| SHA512 | ab37f8ae8c5689dc904922903d92df8d5191630e216b3ccf8ec069540e237b5328ab51776522d303a769b988ed4f513b4f59fa3863c23cc3b298ec38acb73904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 52a90b1b38c1bb6326572d2038e69e63 |
| SHA1 | 515114a45c31a3112509a8b9d1364086bfc77fda |
| SHA256 | 7a3dfd784291b07859f547b321d760e97a675b853c4eb62985df0eacd37fcfdb |
| SHA512 | acce567dfec2dee12525f7a35207f89fe77044931f94fef6323ca0e1e1f12b1d2f9db541fb4cac655b9776b881914c2723a59e679aa8e8bf640d4098975f96e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40013af964c31c2c8de5b5997bc52237 |
| SHA1 | 2c9a6ad5d4ef54383a38695f4fc40ba748a5ba51 |
| SHA256 | 3699fa8732ba97606bd13ff842976228a7296b3e0cd5c91206b90168f8f72498 |
| SHA512 | d45705e09171f8362fd97e71b8c485c6110de02e48f36466f4a06c30ccea37b97b7c7f3f9a259542072129a54a71bc915060e8511801d4553c8f6573440e580c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 9e3f75f0eac6a6d237054f7b98301754 |
| SHA1 | 80a6cb454163c3c11449e3988ad04d6ad6d2b432 |
| SHA256 | 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf |
| SHA512 | 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 3c5aac3450b3eaa0f417971ecaee7b69 |
| SHA1 | b3af55759f53c11420de104f5398f75e4610cf9d |
| SHA256 | 5a62b6653dff9c9f5b183c5010455b6c4c30750c0ad75af829d5b767d0a02562 |
| SHA512 | 7eeeae645b45250d6b32454c052abd0cbff37fbc78b92006ec74a5d82d4c908f9bb9e873e9c1b2aaeb499c5639ffdc88a5ea550c5ab1064afdd09147d365fb71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 60df9d74e78547c08a28ee2c4274e43e |
| SHA1 | fff0f4c007b0da36fc0657892881fc28aa773e38 |
| SHA256 | d6dd2fad8470f70783c17341af7358f79a5c902c182e6f2a377817cfd29f10fc |
| SHA512 | 80f4e51bf98da4dc8c60885f8c71647f3e188ad9995afc5236bf01aeb5df36ea00578a90f662e1020ab4becfca2b17d99eb79f673ebe7b162ebf4b3873440599 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f51165308966fb3984bb5d9ad6b7444 |
| SHA1 | e6a1add29d2b847d7d57edc7f0a9c28b4219889a |
| SHA256 | 825ee722418fb1a5bb05e63d39175e66b7dd6b5e058a5cde98e33286efba636a |
| SHA512 | 4f5038e298b8c3ae60b3692d7fda824358b15d6a315dede3e31ea0bb81bf08ec0382a2ece3a21efd50e130badbd44182de9a5fbfa186920c9baeeb89ca12ead0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42e1f9d7ecdcfb8eb917bb1e84fc1425 |
| SHA1 | 3e428d28fd5af15a049d53869807f2935115fc48 |
| SHA256 | 958bbe3a84cea9a486b0d965aff926fc083a3d7f8b0521700525cfc16d257b25 |
| SHA512 | 7f930b503eaff02a2fc861cb235bccd1cd68759b929e3989ec9d07351496f8e75f46acecaeb1cb827e9edc018b8f881b6a5788184a6f457e0bb71fb6a486efab |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | ec32944bc68c4b3d932f5072bb4e2ef9 |
| SHA1 | 77a5c12618ed5ac82697e392cbdf08077938613a |
| SHA256 | 325d0051b6425f5916af0f558de10f035d5e220c2549687d754fb40b7f92725d |
| SHA512 | f1781bf16e44e357a3e83d9c410e2670e3a37b01d48a512569185e307df6422aaaa3b470b0eaead3f81622d3f87d33877892022efeec4f533837bcdc61e7573e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1371cd6daa40cc78e03e86b681ac90b4 |
| SHA1 | f9d497d9c4101d35b5b298bc43e0fb542ffb9e41 |
| SHA256 | b12450887cfa37f108dbe32bdd087a27b83cac39fbb187cbcfe0e402d4397a69 |
| SHA512 | 434ace7c4e290cd94605c24e36142a58569228a51ec55aaf9e245ffefd07c2cd26982778b7605b58e04aca52ff1e9968c1f6bf59152182533e676df4062afc6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7308b9dce1304cd2d4ac21cb83f76819 |
| SHA1 | ac89b1f87bfb1fe8a3df1162856dd1131c36c322 |
| SHA256 | 433f867a86aeabf422e5acd943f72e9b72b44d10c8964c6e0f5c7aa34988794c |
| SHA512 | df2cb81c4a3e9e17fd7ac5efd4baaa26f1b5361ea6c123f0819906b74cb64f52be8f325b6b7e4e3d3ea39f375fccad72cca86365205e9692d559cadee91011ab |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | db974b6ff968dce08083dd281bc75baa |
| SHA1 | a0624064ec10f07b18949cd67639d6006301a2fb |
| SHA256 | 638a05a65317e0e8114f3eefad5d132f9d71b2f30a4903a6e4908c76baed9852 |
| SHA512 | c50a0e2f86022ecc7074efbe4b05f77c8e6577694cdb4b4321a6fad79bdca8cb37d89953f012b3c54b0f61e85e3a8ce6f09a430d0f6c8bdb032d3e61b34ca31e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d65abce87b56cdebf59b873bb9ecdc3 |
| SHA1 | 142f8459600d73a7eae995429fe72c5fdb479fb8 |
| SHA256 | 1e2c4e2fbdbab18bdbe7b3b65c438227d74eabfe23d3919099c5e721d794470a |
| SHA512 | fc780026995f8f11cc08d071c77336eb8f3c93149ea78e4f4ceaf6b0453030e89a81ccf973b89cddbab03d7df3035c4e8082af416c30172b7f20c194ce3e8296 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 400815b33b4170c747b481a7dfdebbb8 |
| SHA1 | fd6b62e3b73e7af52128bd9ce3b5e75362297d52 |
| SHA256 | 02bef31a10c9224b2d99bea07670af1cf15dd6ac726d4e5793c7abd1bc8aae0b |
| SHA512 | 22034394c7742153e3cd1cae04dd48c68cb72cae6a076581bb58f7defb2fbc8ca4040e3a3de48fbb121e84179144b1b85b7cdf1ad4855570b446c4bf8c624b03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 739087a300e305ac65d8b037e2032a2b |
| SHA1 | 4c7a0a682c54162df4b0235c8b3787ac2f78c18a |
| SHA256 | 3d7a6be59216bbae5976777cba7927cbcf8273c3abe8fa3a0e9c647932dfd649 |
| SHA512 | 3105a3094d4d889395f509076551a25f813f0b729a4a22549bde6b004a80bb1bbcf7dcf7afe67f3bd6a3d2b5de434f8dbad5f4693f52e9f0d7be4f723c817508 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b5aa616e6445b16c2f37bc76c12c7905 |
| SHA1 | 75be59679c5a921803afd2ba5d2a5f22a735d64b |
| SHA256 | 1605e0225aa7e385f7d35711ff5328122d75e75e7108d6019c171ca580167cbc |
| SHA512 | 147e1cfcb542992af7e97c1c6417caf3871aed4d756565e1b5732465c8a22be6a55b8426c449e4635f46f225956543d04340533ae9e6cdeb6c75180dc32079f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92f3a4788c0c697b4929e582a6abf198 |
| SHA1 | fae9841bce5ecbdf25295f40f45cb9ea7e0b3515 |
| SHA256 | ad13ac2743c877f73712b01f971ce0cf43193ff69820b74c0ad1151a1cfcc159 |
| SHA512 | e16ea062f56cfc77df8e1d4a2c58aee33bfb3d51d2229d8ad24af05d92d5423db0ca5132d97654e412f5d7ede9abf6176e4a13d2e7e1a7d4a307b664a05c15b5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | e2419825e5450fcaf2c47f5915865634 |
| SHA1 | 61be1f5e166fcb69a582bcae3a3819d693390a04 |
| SHA256 | 45eee90d201493261aad0348a38234f10a35790315bb5d31daa4545b0c63dbb5 |
| SHA512 | 1d4d59a3f84d9bd25382af7ca5f1819613db42b771236ef1708b418734f3d78145eda9232afc8a79d9e6a139ce46163e06bce97cb4fa6c23a7a88108fb969bfe |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4994c74db9dc54dd6696358ea7034022 |
| SHA1 | a695b55fbd036bab7834d5770f9cfdacf5b95bbe |
| SHA256 | 48ca35006b0646c435bacaa9ecd4814309b9aa1b90aa97cd491172dd880a9557 |
| SHA512 | 0641a99d20d35ffcfe93b05e2509c89c9a90ab7204a379f66312d72409256e346c54eaf8f439774309fe8d2bdf6c5a0e93636131ddc5c3a97b31bc7621c66b60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f05a89e07fa16eea57f7f16b3e01ba05 |
| SHA1 | b93faadfdcfe54a2e42d64de2a7d7f164b1a9337 |
| SHA256 | 7a002047415c48626c532f60dd30d9eddbae3ee6ddd579de88fabd768356cd45 |
| SHA512 | 3db826563383a09b95262138eb4691cf7122c311b59953f7bd6d8c642d329b2290279e7cc14a77826cee3dbe6056d449efe237d29fc911479a72c9b92b57f5f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | d2c299586fe5d9ba67694f9721a4d1cf |
| SHA1 | 72d4d8c3f08034c3c14a4bf04b51854b38ae970d |
| SHA256 | a245918f09af8647f24313833134d3ddbfe2a282aaf34a06216b49f6faa73873 |
| SHA512 | 47315588220ec8ca7d10ac83c7e2eac41f5788b49299e8bd06549b21641e1c8333f2f1c19a17722987ebd563d2abd1a82985184b00aee283b3b75d4bc38210e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | cf604c923aae437f0acb62820b25d0fd |
| SHA1 | 84db753fe8494a397246ccd18b3bb47a6830bc98 |
| SHA256 | e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4 |
| SHA512 | 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a6c304d199b10391cd3e747a62c46845 |
| SHA1 | 6182c23bc476b44357af0cd745cadc1d2729aeda |
| SHA256 | a99ef98a1ad25b871bb656cd925e57c7509e0a556f13f1ed78b46ea6207aa578 |
| SHA512 | 6c70211ecb921d26af8ff5bd950ebb68452ca907a4c01bd38a114d3109615c00f161bc59becd1e0e7ff67b3aeeb5688429f0b92c79628cacfa8c62a1a09dbce2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb4ef10fb4edcf1e8c853dc27a052f6d |
| SHA1 | 9885c557a5472dfe489675566f7086fd2ae571ac |
| SHA256 | 7904996ede8a19c31c7c60c43e1c364eeb9bb4644eb8f2beeab6a4e7cdef0340 |
| SHA512 | eb69c4b2b06b4e481397bb22417e0519257c4925cb77c7e4bd0037d05d4c188c70ec32309141b43d9e31ea4dc0972ea5842556414617cc8d0ed5b7e735d7fdbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4042d8f7376884df0783bd5c3331e856 |
| SHA1 | 2e79a90e3d1e0b41ca6df33d18518cafc7763e80 |
| SHA256 | 4dfb958edf988c9d8d6341d8fc953303f66632e22e824f131ad75e9c3a186d78 |
| SHA512 | fe3ae15e62191b12c1a6558a6b6eac893dfe1d6a3db43aba3208c17d56559724fc19111e0c1f2dba500c7fd699d6785f59d2ee834f8cf3d71c7fe66a4e556495 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1c9344ebcf73dabafd9c2435b6059e0c |
| SHA1 | 851a4c78a630d7db932f6cdae630b068de4e3c4a |
| SHA256 | d7a9eb67cca3f67a0625450b51db56f9627ade52cd5bcda93761a193ac63ab32 |
| SHA512 | af954cceadf83311cd61bfadedf45bd79376bedb43bf2c775ce434d7e7a076f90b48c8d0c6292a29456f8dce38ba89f2d6d64dc9956b26cb0bb2a271297d5dc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 215ed7975148b3dbd40a7037821c7525 |
| SHA1 | 30104d3dbfd9905fe19727c9f56cd7b221725f3d |
| SHA256 | 97cb3e0279d4db5a537ab7082f38f7736fb58c87ff3cc54caffd9c842d2fd1aa |
| SHA512 | 9d79cfae0c6cc89e5fa2a9e6d7e81dd5f9e5674ac51e82a822e1fa0c73de97fdd17f86351f4a2e3f70e22738aa959f5507220c7381dc4d3baecc44734279ed64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eb0caecafc43c66d1d39a90b41fe244f |
| SHA1 | a6854b93f2ccc3ce3e9f41109318f280ac167ab6 |
| SHA256 | c2916a23a0158886519cfc88c195d266e2fb869c8aed47d31153c7a3cee742ba |
| SHA512 | 5a06d7c55a6e9d59c839fa90520abfa8ee0453027d48aaa2e263ace4ae6eb385536b6637cd84606f61b88ceeedc7f2592fdd61b49d8d5034ca1e31d3ba62d69f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cfcdc1f37affe43efb7fb97e767b97cd |
| SHA1 | 6bcebabfa2ecb42c5369673c128ec5891a402259 |
| SHA256 | 83ca49ee275bd2da3f4a2c606d96f0f71ade9692492352f3bee037cf7b770a71 |
| SHA512 | 0e1db3df137d9c83a23ae9cba299b939e07a28c0f1dd7d1e3fd802687f87e525dd3d2c0554a32ccd6c74100f4b542e723cd44c6698a3b0d066156129cc09a1f0 |
C:\Users\Admin\Downloads\BlockSplit.3gp
| MD5 | 0d5d7bc6226045e1b01cf4d8ed51fda8 |
| SHA1 | 335368d35a2a66f276e743fcc2ff7f6ec9dc2315 |
| SHA256 | 38b16843a8be706c805ffd04ff7ebde56375253b2d321cbf63d9e0d89dfbc265 |
| SHA512 | a0087992b8b5d3ef17de69a86d0767e6e6bd5be9ccd02dbaf7464161c261cbeec49950f89f3880bd3e4fa92a785cb19635a3467e49fcada7c424b3ccc6684754 |
C:\Users\Admin\Downloads\RevokeJoin.pot
| MD5 | ae491fb6b9eb10446026103140af8cf6 |
| SHA1 | dbdf8c65e723f55976aa60f05dbc7405d12e3197 |
| SHA256 | 681ac1d6c4ed97b39f5e5738cba07a8f15e81a83a1242380ca7ae688c7c94b3d |
| SHA512 | 3781309b2d22437aa143bd37e04e3f19efe6fe7de20c1f60672f4d0d1cf0a089df422c3e1a539bfbd05c9e7f5de64e49c372ba42124bb3b00ebd8c548cc9b3ba |
C:\Users\Admin\Downloads\DisableLimit.php
| MD5 | d5180a4f583fa5469981a748f2e9d08b |
| SHA1 | 78aa0cedd78d06b10f0fd45b3f585f11f5be8586 |
| SHA256 | 4511f5fd7b22097abed6a7d701e240f4007b1b4a9619592a1ff6545c2f3018b1 |
| SHA512 | d52dce68de0ed126d53c3861a24887ff46137e9b02269d9171a97ec08d243c4a74c6214040a4d227c381977aa7705f9e935d8cd7e26e95e13bbc600d865be70b |
C:\Users\Admin\Downloads\CompressConvertTo.dwfx
| MD5 | b79207417b004824a1b76624409fc552 |
| SHA1 | d80d8d19c4bcf80d325a477dd2e8acc48bbd5757 |
| SHA256 | fda126c6e57a044b90ced57ec9ff1d225bf86502e0f6c8190c5ea265077ef97b |
| SHA512 | 9391c81cde59e1a9be7da6dd37c6665a4a69e378f046a674126d9307d71a4bddf82472a395c6b4f8293b851e1b28261058957cd9590bb873a689ddb33f21740b |
C:\Users\Admin\Downloads\MountInitialize.mpeg3
| MD5 | f8449c664b6995d801863ada09bd10af |
| SHA1 | 76f63a245b2fea5350b1e1f95dfd2325d6f20d90 |
| SHA256 | 68795c3a66463e01f7a2930893a6c3a984779f2ff90fe279090498a8c80a5e5f |
| SHA512 | a79d97d14913273fabd58667573c4559318bbfef90c2d3935cd7222a64c5302128d1d7830490a81df0a4fd6172d500f792ea799cc12c6d4316d13fa0c7ba7603 |
C:\Users\Admin\Downloads\NewExpand.xps
| MD5 | 6f254739dff42beb03807c39b77dbe6b |
| SHA1 | 93f75e414a3309888ff9eff441e2a11c4538fed3 |
| SHA256 | 12e2e82f2b4efd3071f050ab0db2e7098dc294fce320f7de86401d81507728f2 |
| SHA512 | 86ae76a3bde4aaf76a4e99beb3c9a5d0806282f0901cf351deb0d2d5a8009ddf00fa25a783eec8e2af6aa4f2964c40ad92dbdab937aff8f50148e278616782f0 |
C:\Users\Admin\Downloads\SplitPush.wvx
| MD5 | 0afc873f6aed459042c3a81229342780 |
| SHA1 | bc9f07a72be910d54a98bdca9ce2fbc2b26ac28e |
| SHA256 | 9da97c70f7e0fa2f7198cfb854001b76cb982a6aa8886e145e35ebe6ff01e22c |
| SHA512 | 1e3e09a0f4fad530e8d4c818d58e60ce12439f426dd33a3fe6c2f6487af4e3fd9d6220de4ec0d581fa3de0c6695827227d62c1130a45b009f648d94075a70eea |
C:\Users\Admin\Downloads\BackupSelect.ods
| MD5 | d1aa560aeec905ee7c9efc2a8c2ff7cc |
| SHA1 | 11d9e51a95f09e7e6d411078672fda142bded057 |
| SHA256 | c41704ed8bcb9e1317e3fa8acbe4a6b1fd7e6a80cc0b162a9b2c8cc3ccf5fc27 |
| SHA512 | 95bdf365f984711d40200bcf9bd63801640e8ae281ab0f89c3e2485fe3773c297a1f49172fdba923b5c1a11d26955310747d4a3154deda418507ffbe7b008630 |
C:\Users\Admin\Downloads\LimitApprove.WTV
| MD5 | eb2d8a972c39f90b8a8a9b08108bdd20 |
| SHA1 | b390293f7d1249c6e029f1b23cd184566ea9cc39 |
| SHA256 | a80bc177ea24edeab2549d39ff25441ffb9374f71b7269b1a74fdfffdac6e12c |
| SHA512 | b2c843ad9181402221ead927d848be722619ab6568f2d023d186b7e1c3a2f8b28a475b9cf88e284b440463c39cba8bbf16387aade43648ca7d4a6c3f8554d8a6 |
C:\Users\Admin\Downloads\StartResume.mp2v
| MD5 | a246c626a9f667cca6208c0399b69371 |
| SHA1 | 64547fcafceca6ad9525f69516526be20174671c |
| SHA256 | af5f360ea21bac53834778386a80d4b61f96d183473c0f8f787d560c192fbc8c |
| SHA512 | 5c2204ef4d0fe1543e463b3b54e16ae8489032272f0628490f3e5beb75b2d8ec03f4bfea8bdce57be859e1c120476515f2a33739066b3847c65fdacf28928ec9 |
C:\Users\Admin\Downloads\RestartCheckpoint.xlt
| MD5 | 2e9e57196158769922fea43f9565b88b |
| SHA1 | 0150581daea2604f392ab56c473375878967e58f |
| SHA256 | f2c099ed9ac2ddbe2eedcef580844a7cea41d84e259a0fae1b95fde5213b1465 |
| SHA512 | 46aa24a6d04358ad9896155cfb5fe8f30ca69b9c17a425f36031b24b18f196c4222335f25ce94aee909db66230ea05d7cdf55d31870b8f863d3983652b8f6a97 |
C:\Users\Admin\Downloads\PingCompress.mov
| MD5 | 5bd62eee55e2952800f51899289df5b2 |
| SHA1 | 209cd5abd526b50978feca4ecb0b990fa847662f |
| SHA256 | 9ab8eaeec5fc6a398045a6aff6e3a4332efaf832bbbe027d19606aede673985e |
| SHA512 | 801850e4dfbdabf4b7c8cbf465461246dad5bf05e85ebf44aab9085060c800032b4eb5537ab44266eea7364fcdab91c793e954fe5c988239a258b045407a37e9 |
C:\Users\Admin\Downloads\SyncEnable.lnk
| MD5 | a3613be15c06ff8d69c3067fd016d8e3 |
| SHA1 | 9c164438faf792e6baff994ae336338cb67e50ce |
| SHA256 | de219d3374b5c567eee7d83c98400a9fca853159b024cf61ed5c6da4e7df3c6f |
| SHA512 | 53e03c48d773b28ca232f79314ce10258e3a50de9ecc4044140bd72657e6df4ee408ed51d5387e0c5da983be1391949675397923f8535e363ea5ae9d425b0b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 324b90537ce9c6e72658602c99e8f604 |
| SHA1 | bf02bfcb11f8ac654366ecf908489d23d89a7f4d |
| SHA256 | 6e73b78f76fc9938fc19571a2f6e81abfe0fc732a85b6d20159aaf32fb46baae |
| SHA512 | 3ae749b4211ef4dad1aa0749a63cb366dd79ce12271b15d581d94494c101393f64fde87a738023863d2bc9430b447242a2c21ee1ab74ec830c6c8b056de48577 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3bab45c70f22646cf8452c30903810cb |
| SHA1 | 40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766 |
| SHA256 | d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc |
| SHA512 | 85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c |
C:\Program Files\Feather Launcher\chrome_100_percent.pak
| MD5 | a3d4515d3a33a407d313a62818e82a5d |
| SHA1 | 967ff9a6774a66f7b3299af4fd5d70961ed54d79 |
| SHA256 | 662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0 |
| SHA512 | 0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\ffmpeg.dll
| MD5 | 68ea02ddbfdd0aa3a694789ee6d95bc2 |
| SHA1 | 326354fda27d5de1a7bf23b440c6eeb889c7c00d |
| SHA256 | 0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99 |
| SHA512 | 5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\libEGL.dll
| MD5 | 655672c205e37b079c34a4427118479b |
| SHA1 | e1d595a25e76f2f1be50f0ac3046e82462790d69 |
| SHA256 | 498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36 |
| SHA512 | a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\icudtl.dat
| MD5 | 6690f2b2384e1bf8961fda96a4d07691 |
| SHA1 | 111f6dd9833c653908431621fe8fbc87f1135632 |
| SHA256 | cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366 |
| SHA512 | 6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\libGLESv2.dll
| MD5 | eb2b911d33f5ba82109a0d5608c28334 |
| SHA1 | fbc578fbcfc88a132438b38e97bb87c16a9f698f |
| SHA256 | 2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977 |
| SHA512 | 19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\LICENSES.chromium.html
| MD5 | 997768ae7eb8c036425bed10f766e823 |
| SHA1 | 2ec99026b977f6603a8a7890bc05594a9a4f13a1 |
| SHA256 | ab30ee348b3257ec2f19fb5733e64278438be792f1280ce0f28eae0c9cb8943c |
| SHA512 | f408b817b68861cbad62425e0bb8726f876d36a2212186a8f948d5c825c95ed819dcc41284d8ad8ac11e7ab7ff6141588fededd01c287780f84269846515f639 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\resources.pak
| MD5 | 2cccd68519bff7f6a45380607940ca9a |
| SHA1 | 107ed8e7aaf2ea4d8b290afc023fdede16e47254 |
| SHA256 | 44387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3 |
| SHA512 | da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\snapshot_blob.bin
| MD5 | 17b5a28e6aa7ef49bea7555843937313 |
| SHA1 | 8c740e68f009c3d03db74edc347cc5d1fac7b1b8 |
| SHA256 | 2590aa136bc101f1075e42cd8939c7679ceb35b773c989be2ada49acaffd01a5 |
| SHA512 | af7efffed22246389d6a834cc8d8467e965849ffb8fbecd4d192c0596d1a026c6ddbe49cd2029163fd77bad22906e80446512bdb918875a7fa96c6ffef65cfc5 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\vulkan-1.dll
| MD5 | 58871cf606db440509b56a3f764e72e3 |
| SHA1 | 312e810cfcfb663b0da00eac3b87294c0b035cfa |
| SHA256 | ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea |
| SHA512 | 07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\bg.pak
| MD5 | d9291d2f1e816471f691f37c5a4635a0 |
| SHA1 | 201f26fff690b95f559d57866d7db519364ac27e |
| SHA256 | 4a7d229dbd7ca53bac0438d5705a8ecad9e33213f6752e58624da1b9e9cd571b |
| SHA512 | 074b46011bed5750dd49ec5e021b02850d11b235730c27bc2d0910a69f2f1d03c79dbe692b5dc34b7be28ab071b8af6c639151ebb10364f04b8acf4615c54270 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\vk_swiftshader.dll
| MD5 | 17bb7a2a7cd8ccd96ed19753cfc75bec |
| SHA1 | 7c996eaa179fd472a572a0efb3e243a81b283977 |
| SHA256 | 070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8 |
| SHA512 | 80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\v8_context_snapshot.bin
| MD5 | b978b7e83b574a43fe766af2b670c1c4 |
| SHA1 | ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d |
| SHA256 | f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96 |
| SHA512 | ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ar.pak
| MD5 | f27d0b588bfb76f541e9a8d83c74fc58 |
| SHA1 | 23d01bdf7e1a7d9cc34a53b5d0e9a221395d0f67 |
| SHA256 | 88645be62d0421ace7b2c44df7de67a4a83b04977049bef82b465f60f06d5560 |
| SHA512 | 9406a3150e40a5c93c9a2ba82030b334161273ec3d66c8812cb7328340cafd0ce549f178cddcd00bfc227a258e8aba64305be203fb6502fd87f76f224d0a7126 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\he.pak
| MD5 | f7f22a75ba2cc2a2d1094ecdc60a208b |
| SHA1 | a631ebc0d180fa994b3856f706ea75714292a7f6 |
| SHA256 | 4e972808f0a25619462a0390105e8a869037341a30b3481b3c80d918009efdb2 |
| SHA512 | fa7e27d931421fa504c6731e4aebfec0908c98f72c2ec7341195ca907420dfedf30f68e0949e3824b6368d64244de3bba6a7183d3fae424a0e1de69bbfa9d71a |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\gu.pak
| MD5 | 9ad27f9e3aa9356d8398a823a5a90762 |
| SHA1 | 65a3b8b786a245e307bad3966d9ec02094c06cde |
| SHA256 | 984aed687408ebdeb291a57893034490d6acfe9d34546dcc3715f33c8907ca61 |
| SHA512 | 46fa7165714cd1b7c1e2389c85e2ed73f40125491959cc458ac621f5e156963f0fc141deb1c973996a15bb2b7b835ba36806db762ebe97b02159d64d002a93f8 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\fr.pak
| MD5 | 0b0722d0c9187ed3bb445e66b9f73668 |
| SHA1 | 426b41bc9677861b61daf77e235c20ca70b5deb8 |
| SHA256 | b7b3e4f04dadde5c228408c32c55f088372181cad5b71df515cdad8dd1ef9e6d |
| SHA512 | 4d5e3d6054cef9f903844a0822906c612def3d4c3319a7114a54421ff1a4d3c523d02d457d5a2ef8636d6f4183392f64d821c6ab2e8b79c9930e95f7a36a891b |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\fil.pak
| MD5 | 850333b9705ef8ea07a6a9ded5904040 |
| SHA1 | 12950aeb4d7f13ff335c5012e1d0af0da50ba541 |
| SHA256 | 742705b1c87900f6e8f02fa112d2cf13ffaa6c09c62a7dc34a2cd6a29608dd10 |
| SHA512 | c464725f7f9702c9e94a7491e963664fbfb2b07507ade4f32fe2372eb9d0313bb229fa8eada511b338d094780341c24cfb59f745471b0b82fbae94ebdc8ef4e8 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\fi.pak
| MD5 | 71f7182ad054b5294d1a3c8fb91d1612 |
| SHA1 | 13a210397d6352912c35ffcfceb0e2ba3910f7b4 |
| SHA256 | 0b41ce33c0036aee83989ce4ffc2d096b2f6fab77634e4bb500ec70a51b4e0bd |
| SHA512 | 157f11807cdf4667efbc93cf2f3134d9d48b6eb08b941eefb7b085dd3e110efc42c78ef554c0faa2b46e0155903342c6b5b6b20f796907138619b880bcb2d2f9 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\fa.pak
| MD5 | d7051343f1cd16379689a2a28a614bae |
| SHA1 | 7dfb720048bcde2282c682d5653fdaf3b55d89cf |
| SHA256 | 4c00aed6cd9f9f6d2a98c157cc10a07f4f09fcc18b72c048eb6777a2600181ce |
| SHA512 | 3d4284a0c4c528be1b9466582bfaf2cc1acf9a03ce9cdcb27ba2481c31cd841b0a70912ca388dfe1d3cdbc58c82e095baa961707a344d03cb0db777a61b5cdd3 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\et.pak
| MD5 | f6b7f59ef4eadb505faf6f939adafecd |
| SHA1 | 738f208a717786f23d124201aa16b377b686cf50 |
| SHA256 | 8e75989893f0d59f6ccae2042231ec8e7dea6fbc78210700d0d1d3a67f6b1d59 |
| SHA512 | 195bec3a111c498cb4b791bc7d15b459014717fe4270cd82d01e6e4d1b12bac03e267b7699b12e43db5c6cfd8625b6358bcee039aa18edf593f824fb27bcb38e |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\es.pak
| MD5 | 85e0afd9c09f97cecc025f31fdb6269c |
| SHA1 | 13b9ec632e465c31fe6e88b1e3c186a2eacf5de6 |
| SHA256 | e1a9180677d2989137e8dd381e6c847c47b385a6d3e965a047829479317736ae |
| SHA512 | 0371b816522bc43b124ab8dfba3ac55e63c435276031f7035075a0767a11f3d73b5991156ee6ea1770d0115c09cb653c9d3fbda4b2d9f1e00b068c9d7a2f8db4 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\es-419.pak
| MD5 | 637dcfd56428fe96bb0a778b0cf8a660 |
| SHA1 | 1bad857d600d00864edc3d31529cf4ef6a49b580 |
| SHA256 | 45f136986a226b1385189997aad2f660d0f518cc9871862250736237e0b105cf |
| SHA512 | 66b5c92687e97326af47258d38ec523184ced00855ca385515c64bfb9a7e3eb8dd1f885c4db5891bad680c670714bf9e5574483e34265c1f7781c8a7e7af9301 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\en-US.pak
| MD5 | 1e9b12891461eefd9db12e537965329c |
| SHA1 | bf2346e045f79a70218890764b9318fa86886b36 |
| SHA256 | bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7 |
| SHA512 | 3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\en-GB.pak
| MD5 | 0444defa8f211ac4eabcc760b14a5b8a |
| SHA1 | f143e080ba73f83c77d6c095ab8be1f71f763532 |
| SHA256 | e252661d412a068610ac2e2a64609f21f71c64602c579a14d7e6ee59d08fdfc1 |
| SHA512 | ef4977e477c3c39c2915e82162bf44370a3e2242a2fe57b43a0c2342171d02278adcec9d602ad4d4021a6554ad85a55d4635ccf3cf97405bda30626379d875b6 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\el.pak
| MD5 | 79077480619d88f5d4d0c349e86de169 |
| SHA1 | 3b05b9de0d79e6cf82ff5e482dd1626f58d1c858 |
| SHA256 | b4bdd19191dc4bc22f8a3ecab032f034b0c0c0669e9a5ba1b42717ec0b5b418b |
| SHA512 | 1fc5697c798c83f70345700037af7aa22acfac5a3c7e319dd57d587a35b7e907ecfdf175e283df365e31c0f824713743a96cc56b60e9c1f335bda80fcfec38ee |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\de.pak
| MD5 | 8ae896d9d42d65ae82093eefe5dba356 |
| SHA1 | 57b6175fcd23ae0dafc7eebbdaf7cc26c1ead0bc |
| SHA256 | 6e8983727e035e77652fb453192871e435dbab03ffb3088a86ec918ef01b7f37 |
| SHA512 | 6271a6e21fca7793964199489d21d1fb8d93eff2cf1979b3da7ca6eb22d4786a28a6e62b6ba0b8907a6be7487d5c9c45d8d372eb34ec16ddddbedfd49dfc475f |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\da.pak
| MD5 | 528f37f3f0f7b145a979d5c241b4fa0a |
| SHA1 | 553184bd357c6493e73c1a1dcc5d142e1a36f0ff |
| SHA256 | 19444d709ff0b9343aef93a640c505566572a0f3121012716d2af937c08d6dd1 |
| SHA512 | 6a58016bd952dd93026e81bd240a5d02b0538c61b3f0422ce4439a719d4c0d76caada1f3177d4c4942c0b573844c7e42d202285758dce8bdd8c44115ea4b068d |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\cs.pak
| MD5 | 11a76a16e2f94290a6671b2fa7c782bb |
| SHA1 | ccaecdb49758bcff8fe31ec0907b3a4a0f1ee6d1 |
| SHA256 | dee2f88b85753600284bb4acc844be1f0edd5688f98340770bc042aecbd73fb9 |
| SHA512 | a19845703cd2af109c085383307eff88e8f2ea4f6446541ba1f0bba89522e714d43cfa355af149a9a12ead96ab389b27c273a53dd15a93b401f6f7eb4d43886c |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ca.pak
| MD5 | 711098caf9322fa49fbe4ee2ba794a7e |
| SHA1 | d567f076ed6b8b1479c566efb155ba491401f140 |
| SHA256 | 95758e3b0e83067a8eb8f135f1a9f6112db18ab6a21981c5ec32c899c729a159 |
| SHA512 | bcbff969d9e3ed54f6072b359f911c0c9ed875b12fc7a29002e9a251331b4d47b7c0d740ef1c596bbc8828d6e32f216f41bdadf0873a0a85ea5b65bc8770158f |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\bn.pak
| MD5 | bc688ba7dd2b0f9946ac98a1df15131f |
| SHA1 | b453ec6785191b3dbd5d78e7b25b9481b6522b32 |
| SHA256 | 6ad844d2b22c8fbf3587ea603140deb1475dab934ac62e402dbf1c6946dc882e |
| SHA512 | 3d60102975a6acb39ad5f750128ab4967bdb5a64eeb398c5fc71e5fcca860eb97487df4e85269a5ffdc1f030bae2ff1c03d61b08565792f84696693aef8119ba |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\am.pak
| MD5 | 1ef5cb04c40f553fad6dd74295ff4588 |
| SHA1 | 9065653dc4ec508b657fb86f45a69114d1ab4be1 |
| SHA256 | 9aa0bee97cd6957d3fa1dc43e3bc45b7fc4f55df6df9a33faa7aeaf6e2c46a71 |
| SHA512 | fe766d0841a1a247442e85b5e4890fd3f83c76686e61c2243ed93a373d7c4b9a79558200583e58fb17cfa64efe053d61c582d83beb078a62ef232376e4741ead |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\af.pak
| MD5 | 3ab2fcf223a5fefe8a186741b3507e14 |
| SHA1 | 9e851c09c08415a228fad02ba87a9caeb29e3b9b |
| SHA256 | e6db19247e92d007323f9e0ee776c423a6a8a64ab321c9d5c964cf137e390a4d |
| SHA512 | c1259f7953191b7c89694d826f4e45564d4c7b6be2aa7e85b73c5a6f723894b139ba62d215def008f45a95215fb3da7463e229c8ed014a6db4b03e64133891e9 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\hi.pak
| MD5 | d0b36880a50bd87dfab2ebaff24c0ea9 |
| SHA1 | eb1f30d0092b4900f332cc2162f9f1c52ccf4da8 |
| SHA256 | b23dd1037a3d133ef29b73f5fd90765a7af9f0f69b24858343acb084a59b01c8 |
| SHA512 | bb80d1ca39707b96601433f9b10d7857950aae2075d173d5650af2e3a6e6fc795ba4a6ab55888933b9f0e62bd03d362af42357ba22c75a1ad599d153582f6bab |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\hr.pak
| MD5 | 5858fdf0f665ef6dba8a4e68ae175974 |
| SHA1 | fc8085083e4b38462c42e6ca5ae67fea408f18a8 |
| SHA256 | 66e85a46152b7baa26b2fd8d6af3df0ca67f54b75281aa08cf6a0f7e769aee8c |
| SHA512 | 6b32b62749b2e1a8921faa425ffe69f1d3bb3d8ebceb74f5215c355a35aac8220ae8a0624c68ec45123430cc731812504fc22bfac1d50e810168f3b3509176cb |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\zh-TW.pak
| MD5 | 31b1d4dc9c0fbabb29c2e32c759e7238 |
| SHA1 | 45810ead9541adbd12f15eb63bf33f932f7e48d1 |
| SHA256 | 54469b7be7f1c7cd972e77d9853813d41b515b2ef8a3824e7fad2646b3ebb3a4 |
| SHA512 | 10e76d0226cda5541a3352c8111b16d59d563e91512be4e0ddcac9b71e0c2f5953ac170d8a23fa1c6d523d3214057950ccb7a67f922921d6c34d475590055856 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\resources\elevate.exe
| MD5 | 1d3e78a104f30be7b3f7aa71ffa7900b |
| SHA1 | 53463a970842e544c0784abb748d4ac6c17e511f |
| SHA256 | 158f83e3dce35ad8943c73d3414fe02a4a9ad73527ec4dbd73c15a94accd2345 |
| SHA512 | a35df4ea88a8e44931dcf939958e6004d3024c9d8afa892dcfb8755546505f33fa70b7c04a3d85627ffdef66c08f2fe341a1756a63323fdf6fea17f71f85bdbf |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\resources\app.asar
| MD5 | cad3e01bcb66e7411b1c764acfe8c0b8 |
| SHA1 | c454e64152d2e4e0e45301baf5d436b3bfe75427 |
| SHA256 | 8074b9131dd6424ae5b6dcb8ba256933e677ad0392df8e4a444ec98df81dbee5 |
| SHA512 | 63b884a98fd494c31f59c5bc61ca5f7f777e466899d978696adcae5c596dac4a3043124595ca678ade392ee417b675e375f3aef349f4ef280b3872af66a59a58 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\resources\app.asar.unpacked\native\cleanup.feather
| MD5 | 7c2dc9165c530f4888ac63233c040560 |
| SHA1 | 41f5048d8365df3fd35c744ceb49bb5ff0e63edb |
| SHA256 | 4fcdb7229bfcaa4b158d0a2b4092e76d8145a1e82fa432c99a7d5ad11eb84e9e |
| SHA512 | a6dcc746353c736d848ae3eed110a519e3db52195f4f02193d322220948073964e53e4d082cf3a07765c48018f357153257cd04d5f5f3d05bb44dfd400b2932b |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\resources\app-update.yml
| MD5 | 9300d1436965c7c0933f53bd16bd332b |
| SHA1 | 96246ceebfd51faa9470f9152d0925f6cc1983cf |
| SHA256 | 53c824fd08de03ee221296cb75ad6e8c3cff5b8254a467180197cb308666377b |
| SHA512 | 9683ac45be9771e053fa11a0b13b7fe6866c44385046c3f7b67e77e1fd068f5903bdb1987209cf68432ffc021f8366f6fb002c360e3ed6ae030a8fe3996415f0 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\zh-CN.pak
| MD5 | d9be21bde24de1026279aeb67999b1bd |
| SHA1 | 0a0e090bebc5e4e7550152bee739f220f8ad9e9f |
| SHA256 | 6c364baa231f41c668fb15da586568a985fee2b4bb3e611c07ba97675336c013 |
| SHA512 | d376aaa1d38f20e0cf89131452df6d67489711950a3c89aa515570588797c4d83c5dc467773d3af525a551e0f6087fdabbd2ec3d2b48db4b961f2c1e9932f0db |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\vi.pak
| MD5 | 34f3d7788e213b731c0495b2fe45c78b |
| SHA1 | e7a2ed024e61375077973031e2dc82d924ed75ca |
| SHA256 | 2ca9eb9d04ab45f479b392ca9067d353e5472f863d3b784acfcb1361c6da30d7 |
| SHA512 | 48400842614a31f65278e667b43d188dd44e4e9101c7d3d01ad75569d1182cb603ad07168195364ae53dc598f544f438f846ccfc604db208fb29998b292febdc |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ur.pak
| MD5 | 77ce70fb50d1de7cfdd6b13161a09809 |
| SHA1 | 09d08cfaffbf255a013a8b9727d40c776be51d37 |
| SHA256 | ae2457b6f347d34fa8ecf524d91154ba9b80ee160196d774546c1b8924049495 |
| SHA512 | 7fae3a792a2d64ecbf60ba2b694ddf2b40df0e1fb81b602b878ede856912579b7ea78488bbe998151350df814a8d8b0f3f1299882c9b330d214f9db05de86b56 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\uk.pak
| MD5 | 987144e7837f63de1889492166f4330a |
| SHA1 | f9b5055572eb238b357a7c977c4ceb6f7a768232 |
| SHA256 | d10af321c33d48f5e97abb1c74b76e43e63390b9022bed58437fa4d271283900 |
| SHA512 | 32ae4c6d7e90cc0723ca385fddf36ae88fc803bec790d844eac4c7a67493352c3aa85a49b095178fcbfa4485b9167b6f4dbf0034e7784148383d0084d63fb9e5 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\tr.pak
| MD5 | 8faad383bb39fa15ccc8d07beffa5a34 |
| SHA1 | 5bcd907923c04b310dda718b5eff4115cf42c6fe |
| SHA256 | e31a9cefcbef64d082b77a16a2d5dff11673f74363cf9fc34e36004a62e308d6 |
| SHA512 | 9a604a1e4cbb23d48203d02950465020c6dd5a3556ac6e5ef7dceb0491b8d5c5722b6b73226642f2234885a36dbdcb1f628503b6cf63c84b4a28408d74e82764 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\th.pak
| MD5 | 73bc88a210dcdfb14b6f29d8f86f4f4d |
| SHA1 | fb3392a03cc355aae318902122b7245f2fc13d01 |
| SHA256 | bb8b656b1d2c4cf5f361f59b44abd4809cd774e664dbd0f90b62b97ea125e3c6 |
| SHA512 | 671b90bff006b22ce714971bb8ba87acc4d887f9893709a090a85a8dcabb1ecd72edf54775c77378ae22dfd5ad2880df10efb201b1d4c11a1d304086b8ed3c8f |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\te.pak
| MD5 | d7f858c12123e975b4a862c3df05c0f4 |
| SHA1 | f8d2ffbf76883f5f095e10f3de5694c209c47b12 |
| SHA256 | 29e4d010c6b951c129633aac0f55b70107fd24dcf1062c20e263611e30ab4b93 |
| SHA512 | 1d44549e83b0af8d9c1b5826c970eb8dba5e8159c0ccc3586022d65d1e5234b06cc97ee4a9d45d7d944e882f4c5a12947bf810f73c8c064255ac0f46e35799a6 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ta.pak
| MD5 | 2204d0005209a5a2fe25bb44b8e5ace3 |
| SHA1 | 161d7d4e286d7bff25e3f096923a5a7c7a3cd30c |
| SHA256 | fafe173abc2ca773026b0caa24e693a0ac4c9d0ad7c40258bece10e4714dcb15 |
| SHA512 | 8dc654487702636e28a1fcde05b8b9d2ec71a640c48233dbd5ed0aa174a875e275e310973f7e993908919affb7671282d40a8dd280b24a1c5cd29dc66e4f9abe |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\sw.pak
| MD5 | 8e490ee67f6c53f9916715b0d32257d2 |
| SHA1 | dbf51ece8c770f38019f497bb10966feffde0ea9 |
| SHA256 | a8d904e4871efa01c72ef64bab601e6cb1de216db4a696966e90fe1b733bef17 |
| SHA512 | a5774b930e4d5f6d91049fafdb6a743fda32f670e9aad9000740010d1b271a4c3c881d138e40abfcdbc6bf98f37fb3791007a74d38ac507b8bf86ebe0ee00c15 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\sv.pak
| MD5 | c5bd14d64a64ac7f361e49035405852f |
| SHA1 | e2484e58f524464fadf898ee0a3c972db19fa9d0 |
| SHA256 | 21c7d459c55f255c6da5a6454eafc836a3bcdba9c99c76bad0f0d6fbbe7a33ef |
| SHA512 | 74443233e16ec24814ebc4e16aa5108ab447c4b1d095c2e18ae4cd2d25fccb13a182fda1dbcc286b9f8b07e80e19ab19544fe758efd90910a4eb1d05c3ce3393 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\sr.pak
| MD5 | 7b929206486e740b4c9299112186a94a |
| SHA1 | b52a4c8eafa2d9439d525a167cb3482f31d7a6e1 |
| SHA256 | a0ef17a572ce510796886b844226b65991bbddcc71b763b91569a07ef23d2070 |
| SHA512 | 91f4676cc8eeee6f3d643f13c27602ce05639b3707bbd950fb0f745242e92d053b74f575d87522a43f2135662870ca3e3eb6ca894737a5d14900b9e48c837673 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\sl.pak
| MD5 | 1dbb16fa2da8c13145420e85cda509c4 |
| SHA1 | 6bee3ddc96a98c1e658299dabf6457fcf90c67cf |
| SHA256 | 5015c0685b66ef38c92ffc4963e144e913b646d8e855f3976e50c8039879cccf |
| SHA512 | a98b086bf9175b7c2b5c25e1208c8f7248c6eed2bc9acc095a52479550b58bd22dfd9a09dd3674f59ce9ef537f27b0dafcdab194158438d0e68d3c120fb97e34 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\sk.pak
| MD5 | ff48eea350d1fe820a47c2cd0f9a93ac |
| SHA1 | 1a069d1f9b278be78cefd290670dcecc463aa7a3 |
| SHA256 | fe43904bfb0072add943ee8d44e9f92a80eb2aa55ce7157de52ea625c277db53 |
| SHA512 | 507ab138d8b6dbabdeacf3031fe4c63687fd91d04d0eb5e27b12ffe1d84c93ee40f69e48853d6bebe177d614e4a14f034024f93397a0e9fe5779ccd01760caa6 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ru.pak
| MD5 | 9cbc09a3aad1ed164062db66c31b5031 |
| SHA1 | ea8fef1cdaccec36262c65f09b4448128a5ad2bf |
| SHA256 | f6b76bf79ea9f03d6bf8a399778a387029baf9a94ad274788514b2086b612bd8 |
| SHA512 | 02b7510ae112a28aeabff0833ef997b1fe0d7ea23818221da8df16db392d4b85792fb60bbb3f3157c912269f5abf0db0aa82364e2cdeaedaf8b2d8fdce2537f1 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ro.pak
| MD5 | 3e9f9e59dd4a782ff7b1f1106df6c88c |
| SHA1 | a0694aa9cc39e1aa5ee6b0cccc0de76b14a8f808 |
| SHA256 | d56825b2ad81fa419b428855d8b3cff01015a446b7cc989d7b17fe1b3b5f45cd |
| SHA512 | 7e03875cc9b5c01838af6b470c541cf7f2402fbbd1b50bf0634a4c26fe417c85d59f53112e1013425d26dd2664c83181591baca502c259e513445a6ea2fdd18c |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\pt-PT.pak
| MD5 | a0e1ae3d3ee87f7031fffd278cce007b |
| SHA1 | c36d4e8db6913f021a0be1d9b8a3e8a13943359b |
| SHA256 | e5c382258030217591f439a4020069378c3362677258d5129c69ef8e25abd6c2 |
| SHA512 | bad63254f3a4fb65a9e7cf00587985cbbc93fb3fc2b48735b59fed3c98ebc1c51fd5e8394209f86c6040d05663b677b6d468cd98920f9b088c6fe1cdfea7b47d |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8bef64a4500a00f0e72944a4a4b6556e |
| SHA1 | 13724500fabaa1c452a253bd43572d40d74f8e43 |
| SHA256 | 1054376071aba92b165cf561b7931a18ae0b29c9ca22eda85c5c9c7e6721e49b |
| SHA512 | 8590fbb13913342c988a7bfbe7abe1483cefca90b801152ba483752804879a30b5f8aa4f7cd55165978984da68937006b675a65d7c6ca93e770ea2586a35ab02 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\pl.pak
| MD5 | b5fa6aa430ac5ffbaf172627733d0a28 |
| SHA1 | 22179851889ee0f30097b0ca7417575f91c9b7bf |
| SHA256 | fb1dc5b556f59b6ad642167f1df9e654517ad494559eb3f441ca8f79d56a86e0 |
| SHA512 | 80dda2de947cf5e2084bcda6623b83ab7cabfbcf5e6fe4d36d3290ee10f18f7be897b29bd3ac9f5be72572e04a7791e008532dee68bdb9647b20532fa38cb386 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\nl.pak
| MD5 | abab4a5f1afd809d2e7d5cad3ea17e70 |
| SHA1 | d57dd02b63849f7798b1ba11efb889075fed10f3 |
| SHA256 | 361d54411d890d26fbe6d1f8e8f8258e72afca143783f9f16145b9f4f5f9333d |
| SHA512 | 076a061a9278d83c76048696d14120310b64fe41a0300a0e0588e1c7ae933026d8994f9672d85c5c76046a3d7eba5fea6ce70fa7fb4cde0990777e3965fb1d8c |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\nb.pak
| MD5 | 9cd8697bbc2b78dc3fe4c022d1fd5ee2 |
| SHA1 | 9b0cc62586e391af46899464dc22df60746b53df |
| SHA256 | fee60b6eff88716fd8ad4a9b2da8b16827753c819671831e2d7dc2723aee3bf8 |
| SHA512 | 30db548a2bc7af38ffe0a1970a52afce2fee04c02b4b61b277d875f068c86fe46fe537303cbbbbb66f3f715268b43cf3b2cdfcd90c2a4157393d6242eca79c37 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ms.pak
| MD5 | aa1d4538fd06a6663ca213e059592f90 |
| SHA1 | 4197b4bdd58b09ca8caf76d0c22e3eda358dbeca |
| SHA256 | d51d9f4fd2be492a751db6898b4c2843b2b6cbfe893bb66ffa4eb8e1a66e7e5f |
| SHA512 | 718d3ed30f8f8052b2c52e8458188880a050ccf14f2929e953e18a551f6abd4fbc87af525ccd2efa353bbee00529cdeb7146373023d598cb6430e16465bf1cae |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\mr.pak
| MD5 | a72af6ed3bc9c364cdd096d65e3b5349 |
| SHA1 | f652a7d21e8cafebcd72cc38891d4b7b908444c8 |
| SHA256 | c20543bde56b4ba78b7efd8a1fd4d6990e751ea7e243c91a2e83ca78dc0d9289 |
| SHA512 | 3d0523ac8ac9e1d9f2e3e802053a14c8c3ea0b45cac0865b10efb23e869236b8103824777b5efd45eda7d6da128e9ec15bc68963bb60cc46a034ef357fd66b77 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ml.pak
| MD5 | 68ba8ab8cdb6bcab0650324a9b2736c4 |
| SHA1 | 5cb7dcae00cfaba7e621373273dc80144319f031 |
| SHA256 | c990dd02ea8ccad94f5002b2b05e74ad258a9b13ec1168732cde06d0723e2a91 |
| SHA512 | 7b4b75d2a67b32c0232b05de4085196484bf52cfeb109f2543c4cb184456601afafe3e05ae7ec9c37666499bcb424346114fc9fd08af65a7af853e42cb16f5cb |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\lv.pak
| MD5 | f0645d37826c1e2923240b745506b7f6 |
| SHA1 | d41a06f30cb4aa187b6f02320db9c743058551da |
| SHA256 | 1af1ac2692035d502e772f976c977936d0feb42f65a9096e0af2fcf8b7df03bf |
| SHA512 | 29ccd6915aced1680eb0ab6ce4554ccbcfcc196a7e1398ae5da1433205c7b2e77ed2bc7349704d1dffafd108403bffe53c36bd018bacf6faf7363f8e35c32a9d |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\lt.pak
| MD5 | 2a21c3d432c272f81edf923308858802 |
| SHA1 | 7dad07b28eaa2db09c341a4670a17016702ea1d4 |
| SHA256 | da21c47633640002d0eb397d9f2685df542b6f5e53ee3ca655340750de2f3217 |
| SHA512 | 8f646dbceb6a13568364f194f1ab95055378404e0ac21a3b4e609bfc1ab3b41869fb3ef4700aa0161ef43e4a394666437c17cf49f7bb0bb1d27fcdfb252ac782 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ko.pak
| MD5 | 2f216c3e58b73f7981d61034d707b53e |
| SHA1 | fd47331e07c8575057aaa58b1068e82721073300 |
| SHA256 | 7b87b2795f4bee5d4ea37b959ef9d7815b4cc39ba3470d97006370337c3e5997 |
| SHA512 | eb07bfc41b76e4ccac9346f9540208d184291cc443028ce74cefdead0b2c63cef6c92862eb5c5479810cbfc98ad2a60d9281a6286d25a78ee12e8dfcb2522288 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\it.pak
| MD5 | f21eee789d7b89f4c1ac03bcc95b6391 |
| SHA1 | 754ddc787e22378c3034c78dc126e49d952c1ffb |
| SHA256 | 94652279dd554461d91613fd2cf295e0c68a7fa46855c53172781b15a5b2bcb7 |
| SHA512 | 588640b61bc8ec60d9d6a6110544b0d191cf0d084e17bc79ab19177eaf74899c1eccd7b0f0f6852182b48b19596446e819ef0c1d64fbffbc87552a8d0eddf49c |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\id.pak
| MD5 | 437540fba9de2809d42dfc66ad78d664 |
| SHA1 | 0ef84382147c9ec2c1f8f248f7234506d0f3785c |
| SHA256 | 788a4e41a8e6b70e714913b4894a48fdf24799f7a20320565c523b233a41a8be |
| SHA512 | e893b418457b2aaef7605e36a61351b43b18b38ba675b2377bbf7744c7ba83fb66db151faf28f9bf0361f874cb4dc93e4bb1066cb7a5fb6a41b1b97f907c1dbc |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\hu.pak
| MD5 | e74277eadf72ef7164e03a0a38d8f6f3 |
| SHA1 | 0085e77f0a9bf30d290f1eaf24466a12789a1c6f |
| SHA256 | df6c21a38bedd4c6d02ab60650f4c34537e238d4c72b96b2857973027542c3d8 |
| SHA512 | 27ef60832a863c4ad3ff0816ee03b8bdeb584fc83654f4b1061786014aea92334ed44482321a370836aba7e08cc4b0992a8ece81cf8b98e42cdc76813470ecb9 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\kn.pak
| MD5 | be3dcd0f8dd4275662a01a381bf294fc |
| SHA1 | b97dc0e112e1b66ab3b9b7679cd9b2e8d9e40cba |
| SHA256 | c06445ffccb52fca884686db4eda33d315d8340fd653c199c0fd8a07d1872720 |
| SHA512 | a9b00474ab5d1ab88bc005ff53c8d7e33a103d87c2794e38bd6819de629969d9dff06bd4bc7c2318ada4de5a61d68462bf5e0464c7f53a4250b4f617f99ad32b |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\7z-out\locales\ja.pak
| MD5 | d453d6bf0d493cf8a28dcc7e32149cde |
| SHA1 | fe164f188b61c6b0c243262df7fda8fc612d9e82 |
| SHA256 | 1b3bcb7b6482cd9b005aaf30ccde3b4f3603f0a9e1d0f2209d70ecc74f7353de |
| SHA512 | 1588071999065dc93959ac36557e321881e7f244b2166c0af76deb4083d3e9580e6d0dac1fe474a49cb43cebc76a3f0ed400e750c090886c77e85ad0dea86c2b |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Windows\Temp\{2253BE52-01C5-4BC7-96DF-138F17B097EE}\.be\VC_redist.x64.exe
| MD5 | 464799b58f1090430afa4aa6183bedb6 |
| SHA1 | f2b3d878516031e4d968fa8d7b160a14e51688e8 |
| SHA256 | 42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571 |
| SHA512 | 7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b |
C:\Windows\Installer\e600563.msi
| MD5 | a074f9ba7166e1f8ad9db84ce76d843a |
| SHA1 | 2a36a3d8707f8b4fec94e26ec6e2a5df721591eb |
| SHA256 | a3ba9b962f0e5ecdcfa3f9ff7b25bf7b61d78abe5f393ee45f71ef7ce0d9d497 |
| SHA512 | 8ef81f2680f2b2de0453f2f2e8f209257c38f0e243a55d478a0085415af1483771741b09009eee3b1b78530016ca53c38b00918c5a6a91d947576d3b061bd31f |
C:\Config.Msi\e600568.rbs
| MD5 | 8bba38d5596ed90afde896dea079b22a |
| SHA1 | 34d4b627301065e1dd4445c298b5b70925de783c |
| SHA256 | 4c0d60239eb090ebbc7ece79f731a95d87cdc311ea37eef635f0f06633a46ec5 |
| SHA512 | 8b186f5facca306f37b41794b3d2c04a9989d3319ebfe821a28d39123fc8c2d01274edec7ac4401ebf6d78b9bb497a08bc762f47253f1b1bbf97b118468e48d2 |
C:\Config.Msi\e600574.rbs
| MD5 | 26bab5359c555063a5fd2b1f854fbdbe |
| SHA1 | 858f16d37486b393c4e4b0cfe03c90e31d32f16c |
| SHA256 | 33c6c3e4dd0d6f09aaa676447443d048614acf5ae4234029de8bea4d8e0d5019 |
| SHA512 | a0f974e8d91e2e12efce2314a153621f22a55009bd73370b7c896939fa13b182bea2126b5b672dc95162eed3a644f28a0a462fd3b25e210f2b31ed4939fb199e |
C:\Config.Msi\e60057b.rbs
| MD5 | 3aa8149a02672fe0fbc2624e0461f1b0 |
| SHA1 | 87614dcf395b525589f2803500ff6809812b7abd |
| SHA256 | 2b3faec7fd82c627e478f1f169dc429b7b14e1030857497ef963fee0f3714dc9 |
| SHA512 | cbde8851e13e08ff861a04f1d7e13dc879655cc36927b355637a25974894bcee8cd9401df3df018c4b88d45b9ec724291ea162b08122ed56705328cf85e513ff |
C:\Config.Msi\e60058a.rbs
| MD5 | 93a322e2a29deb8c5fdddfa47b612264 |
| SHA1 | 6120f097d9b115dfb0de743b64b859f689567a00 |
| SHA256 | ae25c760ccd1077df0e1b62051ba4032675ef71bb2840e5195b1f343a76ce44d |
| SHA512 | b3064aade53c3fea8d97eb3a85b64fa419ee040e992b2072e05d48dab4f9955f721f191652b8c98a8bf9abdaeda172822033ccbc9d729092572e1acd647f0fd5 |
C:\Windows\Temp\{85794B2A-34F7-4E48-96A9-2FFFE56F57E4}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Windows\Temp\{85794B2A-34F7-4E48-96A9-2FFFE56F57E4}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
memory/2052-2553-0x0000000000A90000-0x0000000000B07000-memory.dmp
memory/2540-2590-0x0000000000A90000-0x0000000000B07000-memory.dmp
memory/3952-2591-0x0000000000A90000-0x0000000000B07000-memory.dmp
memory/3096-2633-0x00007FFF36970000-0x00007FFF36971000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsmD451.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 21da024ce71da7e2d51562309da04c08 |
| SHA1 | 31a6985e562ff76ca279c5dae5b9b23fda78a682 |
| SHA256 | bfebcaa0b1bc75a9e6aabb47db8097091eb00049b87f298fa6d1829574cef631 |
| SHA512 | e0a032ca5c1ae9869e9fbd4f1679c081f5e05b24e3678be9a7d38ec95f4c653fad0fcc640930466517af64921078320c14b5b7f7a0555f497df6c4224ae4e895 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
memory/6008-2928-0x00007FFF38300000-0x00007FFF38301000-memory.dmp
memory/6008-2927-0x00007FFF36E70000-0x00007FFF36E71000-memory.dmp
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences
| MD5 | 2bcdb103a78f05e85d26b4ca31e55011 |
| SHA1 | ace4c47c8797ba34a68256c2c3fa99c2763dec07 |
| SHA256 | 7cca0af6149769a7e939843e2ace489312faef7db756369312b58072a3bd1164 |
| SHA512 | e8c911204572c1b2da763ba3918c69ee1423132fa3dd5e1fdee603f76b1aadcdf207441ca5a5de92a5dd38c86e49a3ab3ae5422ae8a76953090ad57339fbad2c |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State
| MD5 | 691f05e984e15bc1ea890c8c3e59340a |
| SHA1 | 0b47da052af4ccdc70b5bdd6ced6e3bbd26566cd |
| SHA256 | 2079ca9208bba980475f8071b47146724e75b8127aaeb66ce9676cfccef09bb2 |
| SHA512 | 570ec840c5330f3ad4b4c3ca4ef70514877936919e6b74798ea3aea12155093fa0eb25eaac1ef9efbfee3b34994705c2d7a097593f61bed9cae9f5cdd7513996 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State~RFe60f82f.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 76c81d2c7fcb64d4e18a7ca1a9f72ed1 |
| SHA1 | d8ee7f2d786a698fd13bdd8ab9f4b9d696c57ef4 |
| SHA256 | 9ea1da263ed95b1e336fd3a91cf4e21ebbd7cd6f5a825d6f72304048c1b05c79 |
| SHA512 | 9a6003f429750d5d48a6760cc74ef17d59adda47ffccc169dd43c32b209479b018a3a629c486089a0d58911c64a2c154270eb590290e4df49df21a8e07d386a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 983ce89acaf3cef95002eb61b90906c1 |
| SHA1 | 73f6f08dd15a2f338c5c390c7d1e6b3154efda58 |
| SHA256 | 86a4dc91347279b436bdd0090f0058dd654230505695947f0fcf223884c028ac |
| SHA512 | 33ccac321c6154a315239e5f4e4540d55414a1008b89edbfedace9bf419de43d6efbd7c6dc01562b72f18801c1392a2c9c1f4c972058e22dd3bb0750dd3549b6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 8f5df72b39085ba056732e525f5557d9 |
| SHA1 | ede82e85d1a1bea159b9501810342b892515a270 |
| SHA256 | 113d398107287e198d7165ee95f4ff03ef6fa8dc99a80b52d21bf13ead7f1628 |
| SHA512 | 88c07d173dd3b49e4b153bd72fcb9d8e37b5e85263a7ffc62eda954854938eec660169fc755f316a3f497871a4426e5076c015be298ecfb32feeb0f5e1ab208f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9498fc49bc5af9e385486330df65896 |
| SHA1 | 6ca86c56d7ec5806b0fd5af28bc6f90ae606e131 |
| SHA256 | 18dfd910ed03f39dcf3e0644f113654bed4d39963f5d81ef706cc1d7364e9a79 |
| SHA512 | bd4a51180c517887c403bca9f75b0b15984c57bc516763951dbc26def8f0969301822737ffd6a36b83e35fc9fb0f1b2abd6b9acbc119e7c4ce89025c97aff56d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eec04fba861d6841f5fc992f90c1877a |
| SHA1 | a2a6f08af444058119cde53b78cbcc5a77cda893 |
| SHA256 | 40d55264931c5d445d0e51b49bbbc4024a970d08f1f2080a7a01399d8cfc903b |
| SHA512 | 6d5350420d55938acd039d519a24111eb85be5283f50da11176c2c875aff5fd4949ea06d12e9ccd1c4c2c81b89856a70876388fd1ca2db12f65000b8152e2068 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 561bbd912379fe5c7170e4c5e40051b8 |
| SHA1 | 1afd8364deab0c17a73be577d6de10decf58920f |
| SHA256 | c509a37a1bf569c0f393d05e6966bd00f46a9db136130114ef3003afeb77ed0b |
| SHA512 | d8a724f43f4deb22c7f1b2765bef0a878bcae6f18fbefd546180547f89598eb22dfdd185ce6d8e246ee26d1f74a5b511180c8094f75a1f88f99248c9598293c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a14497f1ef7021135db19ee764ade866 |
| SHA1 | b8c80fa7dd197a04f20f7afb85c86d7035a48019 |
| SHA256 | 21c0ef956558809195787984205c731c48952a07f6abd65eda5b8241356e20b1 |
| SHA512 | d4dca7c8745921b01c098f665f126851f3e03196df5d8996e060eca16a6f3ee88085df5fa91dbf2584aaed27d69d7e4003573bcdf3f2bd90cdb911bca085c257 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2f509d69fc4f8a92cd1acc33665e5886 |
| SHA1 | 8e76ebfcb0484207013397493d6f60e85303d834 |
| SHA256 | 850932581af3f61fee38b44572ccb69dcb2708eddead483d48d0e282ca10822e |
| SHA512 | 17a424acf5b7d09d8817dcb7d4ca655e18572cfe25f6a7485161e26b8077e399d893fe5a63b59103f77f1dce6cc739fdf9f2be7b4273f5e467792249913e8cb4 |
C:\Users\Admin\Downloads\Unconfirmed 951206.crdownload
| MD5 | a6d494dd3848d0f01084e79b28d10604 |
| SHA1 | fe1468da78a6c5edd8e7f8df9d90658cc16a2623 |
| SHA256 | 64bf7eb71837e1c8a23b1e19201c05eed72a120fb31b1905b8a872e22a519300 |
| SHA512 | fea37d35608867653eb05bbd54ab10c47dd271560a6f02b4d2806eb44a94a4a469bceee1683f0143049e5881153a2a821df1ca2ce8e61703af28fa4c60afeab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f4a122da55cf5c351a21adc565ae02ae |
| SHA1 | 4a1f3c3cea3af03aff9379a636e9845cde07c631 |
| SHA256 | 39ce03444cd31c634fd1fdd18ed056fd2a29e61f997532cf6c8295d0875cc349 |
| SHA512 | 4c43d986cbe749a172b6d8159d54d0ff828cc2f74e1fa5d27c53e91d7f8674534c4b5410f5b8ad730068fe608c4bba4d76f655ebfb8777b48490d0c1d36dd21a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 7fae7368c305327f83c8109335c6014c |
| SHA1 | 4df775a2bdea1af558b420a547bed2d29890791a |
| SHA256 | 5cd9c933dd80a0b062be5e1cf648776a6a8882dcc42e73e34524997f2e5e0f8e |
| SHA512 | d18f8eb09481986ac82efb18417135761b83f9acabcf7946ef9407651f367ef214b12247faec57e2804103953f88b3b9faa16a4d1ce4418c6ecefbbf4d33b599 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 466612257205e268acdc57ab7d8a6337 |
| SHA1 | f05cfcaf1d4f6af4f2991d9b8c756cae836d1526 |
| SHA256 | 37cd27849098120fcedd0a3e6c0942c91d51d88e9541aeaffb1c8a5cf42b7a05 |
| SHA512 | 7655b4f1a33784b4784f13ec8eec49d3e20d981bb3f070c145dd85609d0d7e3b390e97562ef534cb3ebd93460b4415d0f9c0943bb9ad1f36812942608f26e8eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5347b08fdc3a7361e237b8df48f1296e |
| SHA1 | 9b25bd22d5b4650be20fdd41d3a2d6e8806b90d8 |
| SHA256 | 7073f0344144af5e32ef712548804065a2224c19672644c3a5b2e5bee8e0a1e1 |
| SHA512 | e40752fc14400968414f2545b81435ed5142a8848588176cba0a66a5342879bef80e050f863ebb89ffe310390bcbdd8064600489da6da3940757581dde425b3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 552bd4ebc17e10ef421ba24d20e19295 |
| SHA1 | d85ec785c5112b60609510e5f24518cb292060d7 |
| SHA256 | 9b2694b7aa4b3499e32dec2c82958c434c16395e5e07f8aa83d20ca6334d21f3 |
| SHA512 | e6ec4cde393ac55578d787c565385d1be4e7e71534851ac36967519a535792ab4257ecea27a0c2704b2f7681bd9a500577a8e83816215542e93fbdcf3b16cbc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a1efca7a-48a9-48e5-aeeb-b11680e1340a.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 82eaeb35c926a1c7be9f529f29ddfc6b |
| SHA1 | aff055d3fc692df43d84b5913b6cb25a8fb8ea52 |
| SHA256 | b4f0381365c7bb293175fcc45d0e80b52739c1349243a9e898c5736052d8c9bb |
| SHA512 | 18053291cf922543d99306259b8885f83e6e4204a5b3243776ba5ad2c19e45542cc81b75e718a32d186ee1092503e8e7ab91c7ce8a9d7522db97ddf1778e0b6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1b1c56486b3cd9baa11d66bbea8988d2 |
| SHA1 | ada225e80f4fc463003dfa54bd5ff7a5df0e7be7 |
| SHA256 | 524a9a258611a9d14db6d084318d74d35060a584ea53a748f5f3c826a3051eb1 |
| SHA512 | 100a4138ac79c11db32b3c92b5688a14f11bbcc3ac59c6dec0ffc4724fb751c6fe72755222615b22dd4448ce4fee6d4019b823cef60c5bb18bb2bb75045e10a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4425d86c07aed0419ac96fd6f737573c |
| SHA1 | 7e3500c88417d0c2f000a6c61aae5302b20e5bf8 |
| SHA256 | b844a6310ef97d594a5c2a938ab92ed6bfa684274d8b1025ea1b92049c03393a |
| SHA512 | 9c60961ffeda929c1b1acc291d5fd168ea4a820c605db70a0ef607a3c952564a6d7c487db9704d9bad9e2e0ebfdb063b2a1ea3caffed1f40b5e22ef1897feecb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c2300b7debfc97613cc8132594491612 |
| SHA1 | b402cd4f25bed00bf5433e5a951a34775e06c3db |
| SHA256 | e8e1d86ae2a0cb5267f9365f38dc3de1c358a06cbeafb874b93c87c2fb406bd8 |
| SHA512 | 45d5afd1690606d43c8c5921c00b95bdf4a5e789abb7f05038de3b11ab2ba521638333dbb69587a864735dcb0ff98a43f254f7824a2717aa5acb915bc4cbd6f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 254f583824dc8104943f17855cd58b7b |
| SHA1 | 1e15c04708cc27a57474189091e6b17b79e5427d |
| SHA256 | 6aceb0dbfb0dc6f2426d1280fd26c7eb940ae2f6b2ee9426d44357afaca0c196 |
| SHA512 | d7e52ea13afb31ac38e477779fa32df45ca25adcaa175d94bd9b6a11ea4584dfebc0477bac615b718b5a376dbeea20bfeb3db19dd598dd6fd9dd3615a4372d24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cea94e11d80bbf077dd211c57329fe0f |
| SHA1 | 54f3f6e1715cbf9146204c17d91db94c85586705 |
| SHA256 | 8df2b50a6911239e4cd5a364ec3b23b3eac9e30de69619c0a22457886d28c58d |
| SHA512 | c04890ae3d9a95ed3ff7c391b430ff0aedc1bca61a70c28a618283d60151e207e6df75b3d25ed3b1472b750e636e4c06137501b82172aaccb489996dd553c465 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:46
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 18:59
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-18 18:45
Reported
2024-06-18 19:00
Platform
ubuntu2404-amd64-20240523-en
Max time network
592s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| GB | 185.125.190.26:443 | canonical-lgw01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| GB | 185.125.190.26:443 | canonical-lgw01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.82:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.163:80 | se.archive.ubuntu.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |