Analysis Overview
SHA256
1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520
Threat Level: Known bad
The file 1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Modifies Windows Firewall
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: SetClipboardViewer
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Modifies registry class
Runs regedit.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-19 15:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 15:25
Reported
2024-06-19 15:55
Platform
win10-20240404-en
Max time kernel
1589s
Max time network
1787s
Command Line
Signatures
njRAT/Bladabindi
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4836 set thread context of 3664 | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_fsantivirus.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_fscontinuousbackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_extension.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\dc1-controller.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_apo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\xusb22.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_fscontentscreener.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_diskdrive.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fshsm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsvirtualization.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\remoteposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_sslaccel.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssecurityenhancer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_fscopyprotection.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\wsdprint.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscfsmetadataserver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsinfrastructure.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\digitalmediadevice.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_proximity.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_holographic.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\rawsilo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\INF\c_fscompression.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_swcomponent.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsphysicalquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_cashdrawer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\oposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\miradisp.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsundelete.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\INF\ramdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsactivitymonitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_barcodescanner.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\c_magneticstripereader.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystemrecovery.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_scmdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystem.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\answers.microsoft.com\ = "124" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 05ab35565ec2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3d8506b95dc2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 65e489d55dc2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "425592416" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ac2fe3f15dc2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 49af4e2e5ec2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "599" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 21f3facb5dc2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f04414635ec2da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\The-Big-Malware-Repo-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.0.1674846874\1216288647" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d04193b-49a4-4c07-b7ad-6348933d42d3} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 1796 1476acb6858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.1.852242514\1928714911" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac47a83d-7e9f-426c-9706-eda7ab1a9841} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 2152 14757672b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.2.465473701\919665569" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2916 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aca4ffc5-dc57-4b7d-b15b-0f2949bbcda7} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 2952 1476d9fbe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.3.48331807\1748486817" -childID 2 -isForBrowser -prefsHandle 3312 -prefMapHandle 3308 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef27360-b050-4df3-b4d5-4cd4883cbab4} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 2304 14757662858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.4.68961746\1625581901" -childID 3 -isForBrowser -prefsHandle 4400 -prefMapHandle 4396 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea9d88e-13ee-4235-b240-700ee5ed5a81} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4348 1476f9c2a58 tab
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.5.164659594\380749414" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4828 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {494db375-99cf-499a-95b3-ca1ab94c62f3} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4852 14757666e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.6.1294177679\1658260014" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99e9cd3d-2ce2-4a40-89e3-aa14716f8ba0} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4912 14770182b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.7.1262488234\574554837" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f78ff44-cbbf-4ae7-b3f1-e11194223d25} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4852 14770182e58 tab
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.8.1703299477\65047186" -childID 7 -isForBrowser -prefsHandle 5616 -prefMapHandle 5608 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68e03c28-bf7f-4258-ab1a-bf6467f5001a} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5676 1477233a958 tab
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.9.1173609733\2061073189" -childID 8 -isForBrowser -prefsHandle 4748 -prefMapHandle 4484 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aadfadaa-15ec-4f70-8a8e-3b2eabdf51d3} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 2572 1476c214e58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.10.215757783\186840033" -childID 9 -isForBrowser -prefsHandle 5628 -prefMapHandle 4596 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaac29b8-5bad-4ad2-9d77-98d953115d28} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4580 1476f33b858 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.11.141390310\836362485" -childID 10 -isForBrowser -prefsHandle 6412 -prefMapHandle 6416 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53b1f081-a397-4a63-be39-92957118f49d} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 6436 147724b5e58 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5e39d7d511bf41849e0dd55efda4236d /t 3680 /p 3640
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 52.42.69.239:443 | shavar.prod.mozaws.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49774 | tcp | |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.69.42.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49780 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| MA | 41.249.109.189:10000 | doddyfire.linkpc.net | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 189.109.249.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | 124.8.63.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.pcoptimizerpro.com | udp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.jqueryscript.net | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | cdn.jquery.app | udp |
| US | 172.67.164.99:443 | cdn.jquery.app | tcp |
| US | 172.67.164.99:443 | cdn.jquery.app | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 18.245.175.46:443 | static.hotjar.com | tcp |
| US | 18.245.175.46:443 | static.hotjar.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | 99.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| FR | 18.164.52.95:443 | script.hotjar.com | tcp |
| FR | 18.164.52.95:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 5.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.172.64.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | csp.microsoft.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answersstaticfilecdnv2.azureedge.net | udp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.16:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.16:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 152.199.21.175:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mashable.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | bonzibuddy.org | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| US | 198.187.29.31:443 | bonzibuddy.org | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 198.187.29.31:80 | bonzibuddy.org | tcp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | 3.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.249.124.192.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 8.8.8.8:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.225.241.207.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
Files
memory/1452-0-0x00000000741B1000-0x00000000741B2000-memory.dmp
memory/1452-1-0x00000000741B0000-0x0000000074760000-memory.dmp
memory/1452-2-0x00000000741B0000-0x0000000074760000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\365911bd-d153-4024-8dad-0595e94ded18
| MD5 | c98c6c91b6ee5b77b6bc80c97992a343 |
| SHA1 | 41f5a4c599153586f57fe088867154819bffe886 |
| SHA256 | 6cd02d04f5b8130b44c264e2ca065d0694a5ded0f0a0df0122510cc5d18bc537 |
| SHA512 | e16f71654e37c6cc056bf49261847b01f7cbc1652900135165e821192830c06c508fed97c1179c8d379be85211b96cb15f81d47c494aab831f8e0575f597e43c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1a60969f-bb4c-4512-94fa-880e78c50266
| MD5 | 1f6c38b64f6b8324c298c581c0e96d3c |
| SHA1 | 5ea9795d005bc11a4d63652da2a4f580fc87b9bc |
| SHA256 | c541d83a95be44b6148f7fc56f8782ee4564b9d57e90596a6edd48964087ed19 |
| SHA512 | d273a84caf8db8d6867f0eaae3cb314ace255fe32cd7ea58323e2e1c751d30b889e644a87484458865ae846b4d732b9bc6d67a99a2873568197ca82d268631a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | fc68f065cb5707c45d8f3f94164babd3 |
| SHA1 | 4dc5470fb750959cb3c9bc59c90ac2644a4739bd |
| SHA256 | 9c54940a17a2eb62ce379fb50676d9d710c873a255585a10ca27698ac48d4771 |
| SHA512 | f9a303e4bf12de4eba241cfcce9d07b5d57229a30ac25f4863040b7dd4508002d75638e53e754958f44caca101c385b37198d9aceedec443f921f25e8ca1c642 |
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
| MD5 | 6cd33c4030171bc522868727cb7ef11c |
| SHA1 | 76a60a75773a1a2a5ec7f28ed404bbbd8ead084a |
| SHA256 | 79b7e8e3c1f6fdc3312eba377e8c0891ea35303f691987283fce45168bf2fadb |
| SHA512 | 5cb2d83e5d77018e5b6d94a61358c289a141816aa64a78221b703125430a6eca2e82b4a3cc2655444c940494e7cbb8e410fb07b12a80787f746669ad2c5cef10 |
memory/4836-83-0x00000000741B0000-0x0000000074760000-memory.dmp
memory/4836-84-0x00000000741B0000-0x0000000074760000-memory.dmp
memory/1452-82-0x00000000741B0000-0x0000000074760000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e7d901ad03d22078f4c42ecc83c3bd45 |
| SHA1 | 13ffe2ced2026e6b99c39a96d006c7832a72ba17 |
| SHA256 | fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17 |
| SHA512 | 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9 |
memory/3664-101-0x0000000000400000-0x000000000040C000-memory.dmp
memory/4836-104-0x00000000741B0000-0x0000000074760000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | b3906ed757db8a8621701926ccdafd20 |
| SHA1 | 3ccf4263f8b441874597ffc67464efae353b214d |
| SHA256 | 5ba96c5189b69ad26e5c2bd7251c6b9bf0c228768368f1f6bda2a2cfdf4052c6 |
| SHA512 | 010c21baf34ef1249046a7a001deb0737a32b48ad8014deaef4a4c3026e6adf90eb8e0ed145ef0a2b6c7b6245c65a63545a578391019f1e9b7e878b4ffff3448 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2e60d75736a8e0e65bf6e193ef36168b |
| SHA1 | 980cd97b422d22f3456cb0b64eaae6a92180ee0f |
| SHA256 | 7769fa3894a5e2bb8da80971e3c17b05df1aeaada38c4604a32f7c28e47f9d7c |
| SHA512 | 5eacf8c9815a5961c2dba83d115f55b6d4a38482d348e00642c3f34512cd4279e4bc364630aae88b00e2c9f6ceeffac7725f0a0b2364201845e619b4e88b1916 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 449915e59d4fba66c9d705837f7c2bce |
| SHA1 | dd69f73b237292779cad529ef06715f74233c396 |
| SHA256 | 82512c20481347a7f46116ce4db15e46efafd5f097f4794eb2e659c2b925a93a |
| SHA512 | 1a4670b9761b08fa96df95478617902a32d1078635e742d2a00ceefab498eb7776d32c28702759a531ba9acfe139f81b15054a2f0023a56311591d02b85119a8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6207
| MD5 | e7f4bc3b303bb9e1c764f8e791b89829 |
| SHA1 | 1cebdfe64036cf8be137fe1ad3929312eed7c14b |
| SHA256 | 780ca2ece1c8b73757a4436757e1afd57dd828662af5f0e893b96e2d0ac6350f |
| SHA512 | ce388d1b6f832627d3674b2073b1feb0e69dbce19b93c4755fae98ecb7af850e9333d1a32eaef0fc85ef92a6d56d214fb12432a2564a9357219d2e42797d9694 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4187
| MD5 | 829f88d4e81940e84245ea82d633541a |
| SHA1 | 67157d1982675d19b9dab6e47f1274378305cc16 |
| SHA256 | 326f3a91498a9313f5fcc2ec20a4975a60464fe04b7a70ea85eb53d48cda7e52 |
| SHA512 | 80fd4763c2f81335e0878f39fc18281c738027fa16fd9813509f4e13a4605aa60697fdfa868f0914e9c78ec500d1f4adee665dfe1a0fa3444e28dfa60765b4a8 |
C:\Users\Admin\Downloads\4CT_s0XN.zip.part
| MD5 | a043dc5c624d091f7c2600dd18b300b7 |
| SHA1 | 4682f79dabfc6da05441e2b6d820382ff02b4c58 |
| SHA256 | 0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a |
| SHA512 | ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 99f605c41a6922b198444bed766e1bd0 |
| SHA1 | 7b30322179d82b9c158c98f90f1bee4321a6fdb8 |
| SHA256 | 321bd21948c5bc092777056502f5f8c4bd74166b3ca6a263994522aa8a4f0b37 |
| SHA512 | 1927083002cc39978f1c7820e5755d1b70c18d93e0300cd52d79e4f155c328e9f5e6050949b21ea84291ce73dff4a3aaf847470cba058efb162776d272369ae7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1a2e68c3441a0c0b42bcafaad7592fce |
| SHA1 | a1ad106c7592fd725d997b12eb76f042bc4169fe |
| SHA256 | a8df05e9105da96686f38f33e1ad5f465e3010f439d63756e239c1272a6e2c42 |
| SHA512 | cb4107e13f795589d32fee418877f45ebca6e77ec443ed6a7a54ed57c6a28fd74b287a60fce19976e48862eddc74b6e803f1f9a50971effb59a05def148aedde |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 921a0a437dc67a11068e493d1ff25fc0 |
| SHA1 | 0c39ae476393eae7495014f9fca5eb682a7f6bed |
| SHA256 | ed4db07bcf2898fd5e4758d73eec6f76068c6116ef9970f98fdf66a523a2854e |
| SHA512 | 4e9d0dedf237d16aae87a78b9760dc734ee6237cd8e92d65515e1600646b8a808de597b5c7d8a42fe0bbe37bb7a05a6c96ae2d51e0ebbff4351c4a320dab1974 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 70951152e2b970d277a84805af3d79fa |
| SHA1 | b78d4fda385cda10bcf3681c9395a10d0adbbf90 |
| SHA256 | b3385ea1edde938405b18f75399b0abb220fbb806d7a5bd6d4494ca98cb47cad |
| SHA512 | 23ebd3ee54a0f1f619ddddbc68f652b622476b129f16ce7732764fb36c2b9e01c1db3d9a4c8e60327c76eafb147b97ed3eb0840cb6cce18f34cb6e2d747da9a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9b61899cc0f5e256da2ecfeca121fcdd |
| SHA1 | b5cc85842c59e36292d088b2b3450b0e9508e60f |
| SHA256 | 3feca04faef5a43fa5b0d608e49c81eefcee1c3330c1e74752bfe5cc8a2dbbc3 |
| SHA512 | 0b5a0385dbcaaeab2748acc36a1745baa155d92ada96a5e825e30a3186b79351b3809a458495b5b2ed9f9814a47617876d7b0dc1e7e90d5cd0004df2854b02c8 |
memory/5320-583-0x000001E69EF20000-0x000001E69EF30000-memory.dmp
memory/5320-567-0x000001E69EE20000-0x000001E69EE30000-memory.dmp
memory/5320-602-0x000001E69C260000-0x000001E69C262000-memory.dmp
memory/5800-612-0x000001DF64500000-0x000001DF64600000-memory.dmp
memory/5884-637-0x00000180E8720000-0x00000180E8722000-memory.dmp
memory/5884-635-0x00000180E86D0000-0x00000180E86D2000-memory.dmp
memory/5884-632-0x00000180E86A0000-0x00000180E86A2000-memory.dmp
memory/5884-645-0x00000180E9600000-0x00000180E9700000-memory.dmp
memory/5884-767-0x00000180FB1F0000-0x00000180FB1F2000-memory.dmp
memory/5884-765-0x00000180FB1D0000-0x00000180FB1D2000-memory.dmp
memory/5884-773-0x00000180FB420000-0x00000180FB422000-memory.dmp
memory/5884-771-0x00000180FB400000-0x00000180FB402000-memory.dmp
memory/5884-763-0x00000180FB1B0000-0x00000180FB1B2000-memory.dmp
memory/5884-818-0x00000180E9040000-0x00000180E9042000-memory.dmp
memory/5884-845-0x00000180E8F20000-0x00000180E8F40000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\js[2].js
| MD5 | eb78dcae8045b93f91382513f7d60dcf |
| SHA1 | 254e8bd377c38a6c4b208dfb1bee599c8400f42d |
| SHA256 | 6f912e66e6fa91c7739d47b81fab7b54b67650932e82aaf937145d29287a9224 |
| SHA512 | 5691633a2b481c015546326422a46660cd273e9a983216771bd69f47ab8f76a737ae2e5ef36d80680a16f7575363139f3f3987730a605326909dd301b3794637 |
memory/5884-970-0x00000180FC540000-0x00000180FC560000-memory.dmp
memory/5320-1032-0x000001E6A5C70000-0x000001E6A5C71000-memory.dmp
memory/5320-1031-0x000001E6A5C60000-0x000001E6A5C61000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8L81Y5DZ\PCOP[1].ico
| MD5 | 6303f12d8874cff180eecf8f113f75e9 |
| SHA1 | f68c3b96b039a05a77657a76f4330482877dc047 |
| SHA256 | cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e |
| SHA512 | 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5 |
memory/5884-1050-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1079-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1078-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1077-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1076-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1075-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1074-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1073-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1072-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | de267d22725822128d781cc00373bdb2 |
| SHA1 | ba290061b8628d4d720f7227860d5dd03d31fea1 |
| SHA256 | fca9679f42b1477b3ac5c4804d27a8b92f2338663e7673463815673bb7344293 |
| SHA512 | 3a579e96cba5c557dffe1b2deb45bf87502b67f1a05c1793ddf310c2155d0479cc009cd6596ae989eee8e02ea898fba3774f7bb45e17a7da0a607d23e1857d10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\61BB0FA9756698B3EBF308E787FA1F275AB80717
| MD5 | 5e25beccd143700338b9dcf895f3e908 |
| SHA1 | da77a8cdf018373fe5cd8b3e6122674482895b18 |
| SHA256 | 40f748b44a5a3671160a18d276582198a75d98f8e0dc1c988d83680fc4e59e02 |
| SHA512 | 70a6adce369f34adffdc4924f154039a5768a7b08825c4b1b47792ae32a4c1d1ee5cee5ffb0dea25373dc9ffd3cb72bace9fb761c2ad4308a7694bd81e75466f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3C2F3E2927F45F391F6B6A8E81323C20E7F71E79
| MD5 | 7ebb698964292429041762ffab76aa1b |
| SHA1 | 4948c567e4415cfef383a434fee28d95bec1428c |
| SHA256 | 6b4a5de37438b541b92517222ed6476374418fef368787cd6e1cf6c6c8dbfbb6 |
| SHA512 | 478771cd38f9db4b79acb93dd58e2fb603bfec11273d22ee82806e37c006617c381c761f73960687aa195c79d156f45bec403e40f9f7e2455d29d4805abeec20 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\927C368A0B960260B5082832E33B7747C6416733
| MD5 | 6833fc1070cbd6a0635fffc56e6fa640 |
| SHA1 | 7a43ac675a86c081ce346cc8c858fa0511465251 |
| SHA256 | f4961218a703dc54e1c35c4551e9d39a0c45d33c6f70ceaca721df0e88b51163 |
| SHA512 | 42805db75e75c802e6d223662590df9391acf13537b4956d42584014025accaa3cc6b708c17fad22163b95ee7e53ae396767d505250351f56ddae97d64a6d083 |
memory/5884-1166-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
memory/5884-1165-0x00000180E8FB0000-0x00000180E8FB2000-memory.dmp
memory/5884-1167-0x00000180E86B0000-0x00000180E86C0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | ff809dfd7c3d5a4f6d0054fb5468e738 |
| SHA1 | 3d03cc575d57727d77ba38bfe6daf55401525a8e |
| SHA256 | 23366362f514e2ecf0b5e82b0847ab45b7bf92de603c7461a22f6d340c3bbb7c |
| SHA512 | dbcc4b1ac5ce3fbc535f9cde58a3b13e62bf884e00ef05aac026323eb498c33b544753f88797fa666d9b9e4114e424bf335228b439dfbe1d4560b7b91abe5101 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 94fc7692db2a5295e65e644c81d71f98 |
| SHA1 | e399835fd713255e57588ff1ad8c9b31b199c1ba |
| SHA256 | c3bcac98babfb244708f92ae40d63f37b6dba8a6d212f7817e5c8e3f4603c597 |
| SHA512 | 7a612fd8c90c2abfc377de8d9c985e97961e7e8cdd7a507a347d2a497251b267c815cc24052a7240277c88db608b80d927c109994673d31ff748b5e96748fdf9 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | ecf64da67bdcb5a1667699e145278b12 |
| SHA1 | f075d38e976968daf0dc36bb6892887a6f919cf7 |
| SHA256 | d6ff01235e59d33b55b19b729eae670d5536d72cec4566c9a23d6a00cf211d7a |
| SHA512 | f46ae7db1f401fb07e3501375666f7d709394b349e3f67e1f8885c357d6d79976244b8823fef3da87e8b0c504c2dba9748ca9b46871d78327611e5d4caa0b0ff |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | da25198746f9749ad1183054c1895ed9 |
| SHA1 | e30f6357ed3fc013be31e121ffe271d75dd4e98a |
| SHA256 | fdb8db1746b36827d6cda1c8f80ffe519f0fdf29a8468d389918f74c7a606f2b |
| SHA512 | 3650b12a70dbbbaea6c12a3359646c57728ba1a9604c5e3892c5b89de71d3cd9c5c436adebaf28bdfd689df9525e61c6107cd3ce69c3d97b61fe5cf825008166 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\10WODER9\answers.microsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\wcp-consent[1].js
| MD5 | 5f524e20ce61f542125454baf867c47b |
| SHA1 | 7e9834fd30dcfd27532ce79165344a438c31d78b |
| SHA256 | c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9 |
| SHA512 | 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QP6ZO89V\favicon[1].ico
| MD5 | b939aee911231447cbd2e3ff044b3cce |
| SHA1 | 0f79060358bea92b93ded65860ffbc9ecae3dc14 |
| SHA256 | f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c |
| SHA512 | 8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\MeControl_v6QmZT1KIHvYorogrcRgqA2[1].js
| MD5 | bfa426653d4a207bd8a2ba20adc460a8 |
| SHA1 | 1c3777307ca89baffe14769945eb2215c0c2700e |
| SHA256 | f07fdce076d91c554de135674b5ea92a3b72348d33c72d43f93e7ff9a5bfa490 |
| SHA512 | 56643373ee5af3f6f1ec20da41998b99a5d311aa9b550492683e2ea2a07146939e3abec9c10b525f5a312bbe2b6152d6c8ec3b9e2174c79c316cf21db764c8ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5
| MD5 | 43b8ad6561300d3afaddd262f4bdcfc6 |
| SHA1 | 9e2fe9ee23c00a05a8ea68c593a7e14d1f5df695 |
| SHA256 | 3cc837043a941a68da485428d42f88a2da4c99aef7082d890822e80e01ff14af |
| SHA512 | 6e84e9dd3cc10b11ffc06bdb1b38bea2f041326aa4a355db366ac7e3297e565b8ac5cab04fdde760ae8b5f4564e2dae265250f63d5936f3ad1429b07ded01423 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6DD2D95B4CA2DFE7BF3A7008BD2E99BA6C6E7C52
| MD5 | 18c73d89e5ca18ec466c839e4ff3aab5 |
| SHA1 | 6788187fc4e86047085480cad112a2249fddce86 |
| SHA256 | e521e10b8eed2ce0bf4b8947027da49c90f649e929a3665144ed321e2725bcdf |
| SHA512 | 3511de5bd4e9b5fa087787925cbe546c072c29b96374c6b1c26e29f1f5a0e32f59669bcd13fb22e8788b409ea3593ba62bc741bb895e220f04f9036dd07f6ed8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F63C822E7AAFC0ED25190A22B0F0D8103B08D6BD
| MD5 | 3e56ad9216408b52883ed2b3f30d6345 |
| SHA1 | 5ed1642853863c585053d8e5bc960f0d239dc7cf |
| SHA256 | 81da190c3c4026120e88b53298ebf51dcda58796cd7a07e96ffca5c7177cc8ce |
| SHA512 | d6b41e51e55d18dfcff592d369ad4f64cf2687857d4a0740965d2ca867ec467ace01fa6a31fbfa4711975bc7fb9ab40cf970a2c3d44d3d2faffdfe6254b2950b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\14021B4F90C64F8926972A07525D347801137726
| MD5 | d6a9bfb330c2737cc1605d33855a2b44 |
| SHA1 | 3feacd8c0e0925d3851f5a1ef54355f583d489a3 |
| SHA256 | aaa8cdba6093d6a47b6ec65fc7d75c049262e992b3e4815211b818b40693526b |
| SHA512 | 3088b5e99c6e82a6f4b59c09d39b578d41080d44e05d90a656d25b1c0387c090c51150c6359acbbf40a411e0a7685ad4a6c2081c6e10295a00e2819db05f5068 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D964636302D374DC68C4DCA2362B6B75D9DB1ADD
| MD5 | aa27c985005a0f385d740f5226ce4eb8 |
| SHA1 | 56a4ebfb631b1fcfeab61f1992036d11f414e4ff |
| SHA256 | 3fc3345a0a616229e005daffbcc76613d921175a985bb025f0682c07eb8c8e61 |
| SHA512 | 484420484637bd7a0657385239f38311c3189680ba7502c74f617fbe32929c24c394f401e293b0a5233b86365576f0983097f9211dd968b662f31fad82199cb0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\91F31F756AA32DC0823EC30502996894D0DBC749
| MD5 | 50d7e67b5e139ab39fe6d2c71647ec92 |
| SHA1 | 12430256fe72d47cee1ae06cf541ccc5cd5d5014 |
| SHA256 | 59bfdc26f1d211dca23c7708eeabcb78de548ea4037a82070cedf4769ff95b5a |
| SHA512 | 5745770928d66ccbfc7daf6056a509d0571346a9fcccb2c290377093b2906e6429a5e243b5c3191d7ecfe57f5ea7395af9ae17cf17a68afc4cbc4e2a2d266255 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D
| MD5 | 0bd3884baa692387f096bb1ba7e0b012 |
| SHA1 | 0fca35e18be90eea5763dbd277d2716d287aebce |
| SHA256 | 0743e4e781973f6c732de8c75915d84da2319b6cd1729ee81c387d1d02e21ae6 |
| SHA512 | f70de014f95d7a68d20a45c6152d129600d3ea90b3c8fe3304844e15f118b92dcdf47283794363d6d1a824150ebacc9a221cee5f124703d5e3f099aba59461ae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E9BEC073147047EA8C760B036BF12413005CB4C3
| MD5 | 9f9bf4d0a4d939ad32af927b511cc9c3 |
| SHA1 | a7a858d3dec2441cd432a2376ff1f7b04ae5ae5d |
| SHA256 | c0179f3b1a434dd2166b03c4ebba31d495749a0f2caf0c97f86a461495a65680 |
| SHA512 | c7e9e0c63f0fce6c6f08e35067e55f1ff1e67fe23d89262c337f2933ad562d5b4bcb09205763c9c5dcfc019bcc8660b09cb88f664c31f48abf26e0155c37dbcd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 30aa2f2f73269a824fac2e02a9ec2790 |
| SHA1 | cd29e35b937bd326529cd7f166afaf658b6f3ed8 |
| SHA256 | 3e21647912f377ac6e49ba6cccf05c8989dc7894cd980c5ba0b770d8fa955ccd |
| SHA512 | ee4f77b3fc48337e55d099090ebef1d5ee949ae030d130e467c32c253e0c893499f2ceeade1ead5b9140c134254904fa00d7b85be3c8fe673beebb86b4aba80c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5C778B064A4A9E66650E0A0DB3FA61FDC266204D
| MD5 | f4fcbab1c9286cc122ca94244aa4fe9d |
| SHA1 | 7c870556b3e5587104990ba83290bc703d7abfc7 |
| SHA256 | 79eae684d265ec280a6a132a840ae2f16ad636c729164f97e3cede152e8efcbb |
| SHA512 | 401b833c8168411fb9d5d4a2252d747e380f37f3624025626e10095759f1e84f293f9c5619ebbdb9de06c4d17d233298f74f825a4c534e3f064683e6342986f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\55B18594DBFFC465EC162A946283139D4F972F55
| MD5 | 90b4b03dc454627c17eb7c6b40ff7c69 |
| SHA1 | 31ad629f0bd8b03452898b53cc1f2f936761f10b |
| SHA256 | 4f238c2dabc9a1f19fde852facaf804bd38dcd63b97087e037d26e57c090b686 |
| SHA512 | a3974b128ccfb4e4ba7ecd3acd86fa606b42541c1c31323e66592a14c5f1d640f807cff7559900be9cdf76ce39b8551aca4000824698759db05fa66bb325a136 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2F3C4B2B8EEE63E659E2FAACF3FC155F3C8CC28D
| MD5 | f18f5a5131c9f5bede330e737ca08f51 |
| SHA1 | 05f8d4b7c3e79118b5af65c7bad4a02ba57f6c02 |
| SHA256 | d1c54c455d7cf43ab6fadf046cc850fe9d858204954a15b2f401cd35620b5eb2 |
| SHA512 | d3865a2bc0a2b84f0aee6891c7e6daeefb88d66767faf912cdc7e092f00c7812dc3fbcca62a8f6f39b1fe319db2801be169d979714d40a5d1e03e00472c5f93f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5E31ECAEDCBCCEACD1A6D08188BEDF3A55231C82
| MD5 | fbd89f2d5377a55d93f43c2b8381b806 |
| SHA1 | 0c95142b3d5164bef4643975f4db88c34860574a |
| SHA256 | 65ec4837dd75d67734d4bb099cc84d79a5b5fe62b299553d45fb51fb561d3bcd |
| SHA512 | 77c29e39d10a05507c1b544434b3d5a8e1fbbf1805d1a56f935c8f522d2bf88a969e63df2a599b0f116b5123ccd6e462bdaa7c37c515870aeb45ee3bf3facc44 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\940168BC7346883DDD2D7D35B0EDD2695DF85721
| MD5 | 18eef33d04710f6bded17c83751e52c7 |
| SHA1 | c06762e1447b6f48de62a0f7a07193ce415e640b |
| SHA256 | 59c491b4f47b635ea13419c5427c57d51cafb6dcb90d3bf73ec61d26ceedd93b |
| SHA512 | e902ac55105fc253ae60d8b8f892f9cefc23055ca59e6a42851dd024a81973055e903813334e6f0ef3e5482bf85dda1243b9139be5cbbfa92fb1381dfc425dad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B86B02EAB8400C58B2F4F42B69E218D9C5FB9327
| MD5 | 9d38b65434bde0eaf7df2a56f99da8bd |
| SHA1 | 598517e344cc7326c00506c2b1ac1c511f24afc4 |
| SHA256 | f2f5ed83739c92b8e41438298ab53dee0f0ff61c3b19e111fe71971cd56afcde |
| SHA512 | cda508021534e5110c2383bfab78c23b38bee2bf83d8d4fae6b2c6f6ff9312b65051c0d58800b7db3e05c7ce6579523eb5a227f81f0ac4613162c1bbeec850f7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F4DB32A33BA8ABD54C2F4557A74CAE91E42459CE
| MD5 | 4a06f396d6c4764419f051e978a9a6c1 |
| SHA1 | 665e85d1ad1a86b30345973d34e515019ccd6e2b |
| SHA256 | 77095cdda6daa2f670f4cfd4fadcb894c5c2281fe2927c3a721d7d19d534a4b0 |
| SHA512 | 8e522c5631c9cc8d20121bf08b4d70383150f9e1fce7c0a211b00d722881579ee3a44c1a614e3ec73e135773097469fc7534aad7887e1166a581c8af795717d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\15B3D98D082AFFB95B1E0037D95C196D102BB227
| MD5 | c67ed9dda29bcf8a4db027bf9f0e2026 |
| SHA1 | d7014922bc372a0f73bafee2893cdf47a84f8021 |
| SHA256 | 00320004c2635ae115419fe052096beead4fbc22aadde84b63a132034200a58e |
| SHA512 | 827b55649b4877519a8e59cdcc7622faf10c72533c7ed1a3c9dbbbc8924cd093cd2b433fddd5e254369dff2d36b86a2125748a45e1bf2a7ac905f00f16623018 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0D91930D3248D88263AC1A5FE6FAC60DE487747
| MD5 | 235558de62eff375299d96531ab52696 |
| SHA1 | 542bd0d1dfe5deb507e67aa000ca1f7084de7c38 |
| SHA256 | af11fb1d2e96fdf6c67079c9a7b0f4016417c057369f682032a80f5062e9060b |
| SHA512 | 0db7c63ec201d9baa64388305930d10f0e48b6f7f681eae3cf49987348928feef6634eb5ebeaf956cdd374efa06c98a05d6053b07834243b5dd688c29b6e6b4e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D35C09500437DD22D7C72D16F29F6C78D8E3C45D
| MD5 | c7ac7ce4565152f30863af7f2af1c423 |
| SHA1 | 7c27017743ef468acc71887d2fee80de9370eddc |
| SHA256 | 4b6659ecd3bfa36dafa010bb8fc653f207f6ca39473bd1513aaff9942d8f9eaa |
| SHA512 | bb85c071660241aae2d65582f0c18b97f8294a65e6e81043e2291ef431d4a14657f7734d29f39b9580ff72d146be456e0e38a29f73f1368ae0caaea28158f6fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\13BBBDC7384D3C89877814BC469EBD7191776DE3
| MD5 | 6ae22b4dfd6e19f4b9fab55da11bdc04 |
| SHA1 | e7ea73e060456117f95957225a898e3cdf08d993 |
| SHA256 | 123ad1ad5d82c43c8d865133aa2da92ae01f6996b2fafc0b2f136722508369cc |
| SHA512 | a5558139ad981198e92f109d13ebf24434ec688da1064ea7d01f96ec84e931a531ac53c2e5ab93b479d8ba8f873984790d42630ee8ff5e6a6c136cb7dcaeaf2b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1995068FCC2F18290C959877CE6C5870F9D99980
| MD5 | 0b8937baf7849d2d207edb7ba31222a1 |
| SHA1 | d52e33019b50b2a8217f15444f262f346210fdca |
| SHA256 | 56ad68804837f8462adb68049d8eaf41b7b321034f62a62067d07c38eab3cac9 |
| SHA512 | 30330e4571c13ce29cf87cf8f33aebd0fce090166ce018b23129395fbf861587fdb1937c4d15bd3202816ec0ff529dff1103a895c7cca834f4372361448cd991 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\400067FE5E52B27F35DC7CFC571C8574358EE108
| MD5 | 847ef309b7f12cc5fdc597a7ab029613 |
| SHA1 | 0e0a87129dbd9ae0105e9240b9a982065b993011 |
| SHA256 | 6b7576e16b670ab716281ddb088948968fdcd8349ba66dab898d72a921544b89 |
| SHA512 | 450853245223c777eb9a6aae17ace2aebe055cab78ef2e2ebd6dd071aa27183aee151e893c35273164ee762f284b5b8e915cd90b6bdbff43f74c77c62d680acc |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f1603493d47e03f8fa419452a34cd044 |
| SHA1 | 4553a1f9d5c5545b65964d40f63b421fb4fdb2f5 |
| SHA256 | ebd64c469717d65337ebb4534948886bf861d0bafbed8d9a49a62e11fb364860 |
| SHA512 | a87cba2f7e53c353c8272011dd777b44073b2236b168408d0e6a54f747e5851ba859af0082813bc7bdbca08a775e10c7ba7271fc6b118ab08436d02c6b12c74a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 32589541239e210e67fdfed2952bdfae |
| SHA1 | 0cbf20d88ce207cff5db8abdf361eda65ed60076 |
| SHA256 | a58dcd092b87f393fe6f4cac27d71c388a424ff9fb41c8a9dbfeae64dc9c4a5c |
| SHA512 | 2a5ce5dee31f0033eb3488f10736f1c8910c1e44b31c9d16ca46e11862e9b750241e231854aa02fb95bb82c1c3f572a3430bab07e2b79498e09376395dfabd57 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 20b00e678b9da4b61aabde80474540b9 |
| SHA1 | 8a4fd4d17f02916a3c3c1d11f50372ddc0c73101 |
| SHA256 | 6607148d8a2ffeafc362c6990d8929720e92072304db2da2886f3b34e4ae4a0a |
| SHA512 | 9532e44bdc6d6cfaa69f36dd913daaa5f8c9e44cf2fa3dd10535b8d9c7ba881b7bb22ef0f553d0b041bc11bcad367eb6cc170e3bcd59d4029f5de5f48ccca9ea |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_C1A79D1FE71F363FF5592ADC5810C56A
| MD5 | 64413e0a7ead3e87a297ed947a5d0743 |
| SHA1 | afa705e7c3305edb67b3ad8854bf5a9360b14623 |
| SHA256 | 9208021c0642793ca9937431126f8a0270f86a7f59ab5424df8c9d7e15e33a2d |
| SHA512 | 16742352b9ad3810e58154e249e9def202d8caeed830bb9758ee9737593f3065170da0d6237e38b5a3c5d0f5443b02eba4bf8cb6909bc6ae9bb8db568fa980cc |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C1A79D1FE71F363FF5592ADC5810C56A
| MD5 | 01f00101d9a1dfdb20612e8aee407c76 |
| SHA1 | e6528bc8ae6e589a64f41a83d653de2f4187d0e0 |
| SHA256 | 3b1d5c03969437697acfba349cb1d04e450830bc3ca1f97fe6977135d419deea |
| SHA512 | df1ccaecbadd723a698618bfaf00d37c78544015315d674eb81e366a05e19ff0a0628f13041071ab3bdc862c103722c01d3fd78b22cbfb3abe30cea0bde908ad |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ogptdbb\imagestore.dat
| MD5 | bedf0e256b65398e7f12c97671d0a202 |
| SHA1 | b8a28c79c15a864c1cbbf3f4cfc3955308a13f80 |
| SHA256 | ca468c45a5fc0a36c0b061239d823de4c8b0d27d853fbea170b9c861c88abaaf |
| SHA512 | 92629f16f9c80a8cb2f8428f3bca58599bad9ceddcc15d5c8103e78e039804b7401fdeaf12accf5c7ba957f908d21434f2d0c4a65f0431fa21fdb001f28da6f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YP09M5HB\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c3d938c1719842300121ac29b48f57a0 |
| SHA1 | 44f941312aaf05b3d9b19173c4745f97497726ac |
| SHA256 | 0855834045901959e048d3b32945b232a897b7d58ad5b4f73338c6d21ef8f722 |
| SHA512 | 16dc92318dce8e9061fc3b5ac1259cf7ec1b3f32d5a06612f9b99ddd35b90f4019fa05496e821f8c505fe828020e5c77c77ccefc8bb934f376e770df55930ce2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 091e386ae5e162357df8f9f81986aedf |
| SHA1 | 6ac6f4e70165ca653e2ce1b5e66167b35474d406 |
| SHA256 | a210dbd0190355d5607c281d463894aa13484dab5d58961ba45d68015124e6a4 |
| SHA512 | 2a0d4ca5fb97c86a22109efbdcef99f8fd7235234f41bc5c8d094d8cdcb3221d38a6c4208e042deff98d7881aed523c533a4a21a453558b0dfba9cf5d07e3a95 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
| MD5 | 3a9da816cefeff3e1a49772c98341809 |
| SHA1 | 3fafe670fb73862f9a21c1fcd3dac6c080b2cb33 |
| SHA256 | 1e289cd48dca18c4cc37ae07e3a1ce4aab22110bd9de9f48ceb8d93503f2dfb5 |
| SHA512 | 5bfe567c59644043d5bdec6564bcf82fa0406f7859e73773cc9379329ea4e99fffcb3a3aec7d1b589d0711a4ca430958cd4960c080b458f60842ea231195f4bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 25bf8af2003b9fc590d77b5e1f3126d2 |
| SHA1 | ead08fb388d4f79efc367839cf3223eb4df71c35 |
| SHA256 | e133622dc573ed7d9ec080f3f71ad72b7a3821013e1bc04ebbe65a1975d40f3a |
| SHA512 | c4a821ff1954f6388a429aee3ade7c0c0a2d64f044b754916165270f4fea59fd80b555b5bca3620f116fcbd98db9506ba67e4700b2399118a81fb573a2f4360a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R2LDOCJS\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_B441EC39EB4ACEE2E6B087F41A16B664
| MD5 | d30f21387517b6bd18f9e64194944186 |
| SHA1 | 3de15f8ce4724bf59eafd83b844e32c570e5cc1c |
| SHA256 | 446e8b0cf6271a9d93c78ca117a0c1e6909767f9536dc22234c6861b2e84c23e |
| SHA512 | 9ddaa112b0a7534bb103648c503bafc7475c6df9516f0951db34314061ce48ab09c1a770450277f5664ff5e932215135436dcc5bd11cacd8f537471f0f257f34 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_B441EC39EB4ACEE2E6B087F41A16B664
| MD5 | 6eb3e05ae9142509d6784d2041db6ae1 |
| SHA1 | f20ef35691e98d712713846b85d8b79ed38b3b2a |
| SHA256 | 114a38c19b04ce27545457f72d8eb79d08216bdac2d944b2c192fa2d2633017c |
| SHA512 | 93d3795e6fb35ea9845cc29fe12261a686dd1eb04d041001de7394d17e785a5857cbb367f5ea6b255d22e9ae59f8ffb5743427b5f15e0ff56f32f5822c55d02f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\googlelogo_color_68x28dp[1].png
| MD5 | c4a931d597decd2553aac6634b766cf2 |
| SHA1 | 6ec84fb4a2745b4b71520241be77db1fd1013830 |
| SHA256 | f56402b127698db4b4dc611a97a6f081d04c4691c60522c5912d189e37c94a9e |
| SHA512 | 4932e0f7f38085a7c52539bdd5c7f470740e560a4471bea30d12ef9e3efe77f6bbfac28d26c62a245c43d98ebf74c824b2b414843080a27edf1563a5f874ac84 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0F8A7FFCFDD27BBB160E676477BB4A35C5F94496
| MD5 | 5a619af42e42b59568703852c738ed27 |
| SHA1 | b1f625c414cae17098c787a95f5dd4750992fcb5 |
| SHA256 | 3df6f7f95d5cce3b3e4e60f0a7521b9ad17f3d4ed68df85873070962263d6d29 |
| SHA512 | 7a3fb84ff4c092da47dc5c9d4833e27c1d22d4ff806fb06577dbc90ecbaa64706e1b0da3c2cd1176954b306a2a2d046dd47e5a97b5cc00b05f20139468e61fbb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\362A2863B926520F7524BE03AC6D496DD5B3429E
| MD5 | c3d7385faa9b682a1967077e7e7b6d33 |
| SHA1 | f2aeea30ff774783f42670268ad18bd6cf62eee6 |
| SHA256 | 1a9cb169f62c89bf665b716189c8f6e75d0800ba1a21271cf29315c7ccd4b364 |
| SHA512 | 6eab97c19fa206a7ef726596245a2a8fd949811c03a5a849207556ccb7dd4ef42e5c99e86feb9fd4dfd74e8d43bb7a26272dc82f99e262a909358d5c8a8b189f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\028C0894AD87F10A73B973631F70818724BAD700
| MD5 | ee15b620073665e689e80a4ecf32bea1 |
| SHA1 | b7f0b9f69e61bed5692a91171738354c4c7bf032 |
| SHA256 | 32634f2f6864403b613b150631806a08369c60b62927c69f1505ef20c3c3e60a |
| SHA512 | 79fc5f9ab4415a2b7ba640bd25d3a72bde283e1132546ea98b0b8aa5a6318078bbdddebfafe4dd86f70c6b15fda643b6871a6d7b7a5fc9e18f2be4493a48a11d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D221128EFC811F033D8D88CCCFA6A7F7B5A532E9
| MD5 | a2d71d84ff5d494e4c94bedfba4bd1c8 |
| SHA1 | 39fc1a177f94321cbcd0d2d82bbb51d4de30ce65 |
| SHA256 | 20ab71c6962bd2dc4260efab67d067b28a86e5f62c433f70f560d1f02dbe8878 |
| SHA512 | 7ec5a191b625c9f8dfef93d9998c75788c811f09b0881e31fb20097c5ba7d3a1bb3cf11c52a3a48aabe4598cfe1c72120b033f19faaa3597dd27d5274a9fc1e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\998D735EF9EE803039B62430D297F570047A8584
| MD5 | d8df626536a90b572038d4f34c59c9a2 |
| SHA1 | f8278f1f390e521d8a1f1de9a4c8ee46478f9dd7 |
| SHA256 | bbef017003e9478fa9de2795a6bcc5f5dd55519927d38cf72b7fad57e04a44f6 |
| SHA512 | cf4b885c6c02a373c2affdbe53b51fb2855cae916863f88981167623e53c1114510dc5104e972633fdb2e0ac5d5c2c9997b554e721c7b443fd2865b5a8546cee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1F94A3B019E2B2B47E2356E16C996C9287E700CD
| MD5 | ed42be0f68d33504fc99758046954e3e |
| SHA1 | 6feebc56753ee8e8f7a597fc36d70640c6d1ed7e |
| SHA256 | 93e62d0aa2c7c08d9df82aba1c67e37be07aec455d77905f7b9c0dd4214c03a2 |
| SHA512 | 83bfc2ebcd79c99786e5584302991e2113fd0fca73690a3d644df62c6602401486eb58f1a8c50459604381a2d055556365de1c13c8d02b1bf1748103f7a91473 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3A763E8309D53223505DEBC9BC338F9AA7D8E484
| MD5 | db7d4de1d87624c55317356e36469647 |
| SHA1 | d4a23d257a8a37942a8b11e69a5162fcd9627162 |
| SHA256 | d8c393ef1975ef927e5587ad813e7bda8ea793134abf7c1a0f029bf69f9c62ad |
| SHA512 | 0fba095c11db6b8b83debd62af1ee1289a50b4ab0f10551c878f282ebecc41f5d01a2a84f57359d95c61007dc53b3b4f7bec920ee695abd901bb6bc191e5de4f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C57DFDE96EE24C0FDEF64661AF5B288FB848B69F
| MD5 | cb2d26e87f02d6f9b23ab6e1839c8e13 |
| SHA1 | 6e27b02bb567a80460e5b506426316d367da6a30 |
| SHA256 | 25e00419501e7c09a06f6d9eeb1a36c651a9048a5ed69ac76fa5a0d753b6cfc2 |
| SHA512 | 5f8c3c3146082a8dfe0e9781465649b33f122f84c58caa812528cb5bf73bd4e1b15c6ee51774641fd2aa0abe50e5ad73d6f5c7c43aa081e9fafc71577e7b08dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EDDF96A8C55BC9E231D510A1EE12DC42BD1BC7E9
| MD5 | ae999db3258272f4fd30e75f1f53856f |
| SHA1 | 3d9acd3880f9d30cddb5cb9d38973bcde58bb3c2 |
| SHA256 | c7f2e60686e66553a46bf092f546202af9895a35082000589716432fbe27fc26 |
| SHA512 | 58903d884b118a57bfeaa51509a442c95ac2babaeb7a43e4d51d0162a850aa2744494f6791175c81d29d152d7e0be687af85c2eb78a2387746a7e8f019cfdd2e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7F7F8A063E61AA519E28A38A25F8244B903F8815
| MD5 | de565673aac20a9d2b486ed9181c408d |
| SHA1 | 129d9a0955cef0bbe92720bf47c53f8aa55a9d6c |
| SHA256 | f4852e9d874e01f518c843f88a547868973ba64d85c9e8b768cf61efa4583a27 |
| SHA512 | 2f4c232b6bc2a6642e1f39f9af7b1ddbc6eaaeef8d6f3488ae568dcc38f85b39e8549977f9c52be1777c7e57864ca3e7149e58132ae6d2b5e005155d200c1b49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8107661E821032A9B67FC2BF2B10824A0EC8E0CE
| MD5 | 06cc17a53b81909013006cfd3483d99e |
| SHA1 | a358f89ec2baf8d84891879ba8a233754c06d420 |
| SHA256 | 6ffbe1e980b049795690761be6e6b1c58e5a07443958d17290c4458ed0fa0b28 |
| SHA512 | 2de9d1a029239b0abd06f7c264516ef8244ea66536185691d38d28b095cbfb9f006ff77716a7ad761e621eccc6257c8e576cffed34190d67feba0a5934acac02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D4B85DDA6A34535BA112F801AAF04B7288D88769
| MD5 | 0ba291715d44a9bf311fb66875029515 |
| SHA1 | f8cbf87cd2f4ef6283b21af075424f5a6b476c37 |
| SHA256 | 494711424e057d66e02b137554b68337f4e32f093623dcfab26539c2cbc94e6e |
| SHA512 | 9a1a5940f2f005523cf62402842aa86cdf6d886ff624f48185aac181ffd2d47c4d900117b1d553772a1d3c29b56a0ae7098c5842e4985c16ef0ac2c06c51872b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\40CC905C745109B0E136DAAB2CE1FB167775B38D
| MD5 | 9a8b95862715c7bcaedc0d54a9901c03 |
| SHA1 | 788552ec99244fa4f3a4a1b465e7ecf077c77274 |
| SHA256 | 7ad32f55c7bf7b5d9adf6976d652edc3048add198f350e303b2861937c4d08df |
| SHA512 | bdece8aed789a51626efc934ddb451a41cd38bcdc5a2cb8d22cc1c31684108e6f06eecacb1538cbd777ce105ba64b28fb0419bea3ea14adadedcf80dbc2f8fd5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\64DF5B1C828AEEDBAC1C52AE35E3A15E3AA9CFDD
| MD5 | 85c2bd8307bed2784b282ec58c7c1134 |
| SHA1 | 5489cc2f71b1b049e3ecc7c5190792cf05a7abe7 |
| SHA256 | c7d9e4bad0a7d40823e99f33a63263319be11445dd9eda40da6deda8fc715339 |
| SHA512 | d82fa4e7eab98c1b9eef28ddf15ea55dccc1d847c28783f89a68432b67c54b51a9062858903ce2d7864a0c007793bc4553592c55ebf8ca70b278211dbf614265 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BF27C7E3DEA6587FF55C5286DD19C819E5D73D43
| MD5 | 36c1e576974bd0320625d6a37da62f3d |
| SHA1 | 2cde59f7ecd9a0d16f43f5bb46f26b7b366b00c7 |
| SHA256 | 1b17e41e3bb3d29b522a62bd6055ec9802549a69dc2bd9a6b6791aec83021a95 |
| SHA512 | 1264256b753311e6e1f879371af8746d0342e87f637854f5e2290baefbbc8e0c94e1608cc160fd28fb591ce135274958ee0a1b71a289facc7482b4a4782a7200 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E37F0C9F306DC48775447C1CB63D24537A2B4D38
| MD5 | 8329e528b5f17ac70285cba647c05469 |
| SHA1 | 229b647035c92c962434a25775240bf754ba5c9b |
| SHA256 | 3d86b94c55334695672a7497ab1a746409ee1df2ff32dd06df5bd2fb42a0eb28 |
| SHA512 | 3f9f128ebd944e1d9cfd2084bdc7f901d24b8a281a4c6876d7a6c9437de31a87faa24002bdb1b828af440a7ed1560e0435b72023be033e046cc6a5924f8bdc25 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\661B57A7FEC975BE995C5BC38369D93F8809E894
| MD5 | 4cd0ce75b80bfa756d400a6a6c6dc12c |
| SHA1 | 0a947a01fa56f26a64b80ecf8716ea2a7f39ff70 |
| SHA256 | bbdb6109351c8ab27f872925d28e18c6aaa2999311874a3f2e0c5a925e5ebdb2 |
| SHA512 | 2fc891db97b9b2792de71e8f75d60c3fc1fe477496a563dfd387ff02c077e382335f683e464b949808a402dd7e912083269615766b24edb8f48b79f7bf1f3d5c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E023456A23477BC8816E43FAF08B541C0EDB959B
| MD5 | 41492de325081df679245627520f0eb2 |
| SHA1 | 539a57665360ebd1461217074521d339ef1689b1 |
| SHA256 | 2e1b682690f9726a31068c83433ce874b1364b6e2082d42f1c8c17b1eb030f7c |
| SHA512 | 1945ae8b9a79445c960bfea19af6ad5f66d7ebca9535ecf2c6a746ca83bb6b607fb10f34fa03e0179b72692e9204373d7fafa6bfac50cedd9e05fef37e0f0d8e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FA1B9D3C1A25373DF42557B3B89A2060E0EC94DA
| MD5 | b3a93c311e4fef364748388c05de4f11 |
| SHA1 | 24271d0587fcb3b1cfdda3cccd9e11f40462c740 |
| SHA256 | 72538fb179d8dd10c980071688279ac50edd3baddc8e8ed4c6ac3b488208f67f |
| SHA512 | d8bab7d245d318a02c4c758e0f771614292263046a86850bae001b711fffdb7661c36877009387d25c7b7365b0b70871aa0df1518fae9761adb448ae9bee5e43 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0DE2403E40606B9197622D9499699DCABEF1EE41
| MD5 | 447aa854051d2d519a12d59f2d024f5b |
| SHA1 | 17ee75bcaa40db9ade573d6f6a6d272571261754 |
| SHA256 | 3461b984cff01c72984d3ff595ca95788bed301fd8d934b577036c87949787ce |
| SHA512 | bebfaf90f9145a57ce80dd4dfd7134338fb84937ca62cc291e978c91ee540c99206d08d93ab567542c9d55b2649ee9be90cfb0daf9141165a0efad97d4286fac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\00706E58FAD6F5BD6FBB8052CDF9A0A961E67F8D
| MD5 | 60c7efe79f37f0ebfbab35f8057c5335 |
| SHA1 | 3bf887745abee1fc89f0461248eaa94d06b30b4a |
| SHA256 | 95e203f7aaf689ad724bd2792c5325299f0361010726c9ce7b503a48d4d191a2 |
| SHA512 | f2a1faed7887febba9387c9d39088eb8d8090661bb73d94618b966262266d31f43737243baf78498020e90f4758cdad7e4c40a9a0243e5ef88040ffaabba4681 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9C96235CAD726D63F60DE1389F02007E7CBA3632
| MD5 | e1a9aab196238db5363cd90012a95ae6 |
| SHA1 | 9222161b9368890c54748faf5052c36335d73395 |
| SHA256 | 9fe032d36242268969dec3f1df1be8d58d535103c3579ca85c15494e3cca84fc |
| SHA512 | c808b2c8e04410cfef93aca4520f2461bf8fe836b4af26a91a64a01c329a15bac549a9c55fa584e5e45e6f56d6ea4dd216239c068810671e20a07d7e3d91d5f8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\22F2BE6046DE71FCC15A701DE0FCDEC5259AE136
| MD5 | 40d39dffeb953d9bf68576503196d7f3 |
| SHA1 | dd1a8879f77319e6fe00ace2a8ba9a02cab8ae1d |
| SHA256 | 469cbe907f1369c02f4ebee56e0bab226cdd7367aaf273081c3689f3bbca0fd2 |
| SHA512 | 29bce6de72bfa58d9d6feb0305b40633528a5b19bab0e06a249c5532d52e633779baeb5c465d08874ca5f3b0cb8cb3fd32705df73cf7873934e0fca2b367a7e0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6018DCCE8EFCE22F8F648A32D28EA223F80C84C9
| MD5 | 3e6432b791b89dd787c2afc4580518bf |
| SHA1 | 7004de991ed9e9d600682e03aab604b8e748bb52 |
| SHA256 | 7c73b38398ac953691923d40440a6522ee9b9d3969bb2a3102ee0f314455fc10 |
| SHA512 | ca962d79dbde87752f23ad0c1878140b43e2d10345a67548501fcb019b2d7bb84b783b07ca3ec47766772391098577e5a912bb6ed42c67a821400bd5148bb2a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\322C58D9FA1562D7FF036EDE528379DF7E825D4C
| MD5 | 9cd0a6274f9aa2f3a6aa4dc065ed6432 |
| SHA1 | 82de000f8cb652149ae1376e25416f81673468f4 |
| SHA256 | baf26424baa7cd9c75d76d4adda67ce471a5db2ef8f1841467a2eb1b5ce8e921 |
| SHA512 | 1910b240e78b59430e666af103c181031011e549370065cff7986a80717107b612902c50f0984a0f5141f726052dda5fd66aa66fdf2d73dc8ae0cd9c1f80d2c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BD8D87D76514649A5183FEE4A5207C7949024802
| MD5 | 7d2c5ae2e2c3ed310c1bdf4a77bbbf54 |
| SHA1 | abc6cfbd11f2ac50d079a2614a8d6f464b452ba0 |
| SHA256 | 650efdb9c76f382b816bc265e083d59e4890fd621ec887c13c306d7e39209bf4 |
| SHA512 | 535d9b352095a962e3fb67a4dfe5c24a95baebfadd2b0c5a6fba7c0adc8c9a11aaa79dfec5eed9d6c964b23ce7faa46305d19486371cb4372e162363e483347c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B92A2A9BF63187E9AF447D8985DCABB17D8BC84
| MD5 | 071381836cd0ffeb4242c0402c9c2d89 |
| SHA1 | 5ee21dc5d6bdf86e0bbf6a896991e4d5be690aa7 |
| SHA256 | e06c609353fb991ae0f93250c2de3374f05d201cd4ddfec46a5cd2a39702aaea |
| SHA512 | 898fcf29cd278f174ea2585b6f39c1173b0fd467149413c20a58b88e8595d0dad78cc654fe03c8758f212e7f848cb647d033917e02f5ade34a41cc4b98b0af4a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D373F3E40C3DFE08FB4090E26F384A581E524CA2
| MD5 | d0e8b2f4e753b7c0b1b91e57eee187e3 |
| SHA1 | a2052625f8865cff1897b02513e3ac770057873a |
| SHA256 | e2c4b22a153b2b94b53ba8ee0b15b21e26d1d9782eee444b58bb54a82072448a |
| SHA512 | 796033bb70bd9e471feba6ea89b05abcbfa45a271bd797a78c4c33b902d6a7327c7e887052370493f405394ee10d66565eb41f5a515ec77fc7182bf2d4d68df2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D1D59FB4C558CE2A8474DECF1A3849FF49942A48
| MD5 | e9efe202a3b867f56fba99eb9a47c291 |
| SHA1 | ea18432da210ec175baa589aeb930ef5db8e8e69 |
| SHA256 | 0ccbbbf4e858614431ae18fd91728a0bf13d36b971a67d4b8f31209f1fc66d38 |
| SHA512 | 2f6690fe6f82cada4607b5c967f7cf69b0fb8eaa874e11f1d1d97d1ae9ab9384e6d25810fe19ff32285c8c4eb32094e2257d00a17e462ffe1036c713fc069ce7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A6CF8300FDFCAEBC0A5D87AB8478DC83A640E049
| MD5 | a37358c994b4fe3ce2339bddb2045cfb |
| SHA1 | 19b211641850aef5dd4348adbefda234cc2799b7 |
| SHA256 | fb61cf5a0d49f76719ee850b722359f669066a2831b0a22c3a4d895cafd77e6e |
| SHA512 | 56d4d77e5931730adbe128db5c6775b2b17c4e26aa1b35bbdc8d22b384ccefafe79d8825199e9d3e2d097ec816298be6aa6354a93a65fc8cab072bd585ea931f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\15B93BC621B274AC627F930BBC2A3DC1A7CF1BB3
| MD5 | 0c95faeb719fc9b2bc81c9db540163d0 |
| SHA1 | 7c3b65404e54a4f1268dfeb9706f9ccae46ebada |
| SHA256 | 081e70a28da31ae3c1bb2a6ff2e4d6b23715345e03fbec4081e6b8d39c7e59cf |
| SHA512 | 52e8d22506e21cbe7137e43a7ddf3fe3c4b3964f71006e20392806213a293a65a739e28bae012212d8b1a528eaa73e48ded479053d7e7af2b387fc31ace4dfc4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d1e12c1db83975d6e460c5bf79f82225 |
| SHA1 | 60ff870599598c6824b9f4f877a42d77ed54c04c |
| SHA256 | 60653324a5190be7273ff0f812d4507d4c3f9a0e1e6c1e545abe3ff10554491f |
| SHA512 | 9a5499a618015ffefcc50abd5ebc6b8171c1eaf9ed82b44380b209b4f31119381d3498bb7b3d76c320f7d6a7692b74b1bdc32d22d82906831bae6d5a595161ca |
C:\Users\Admin\Downloads\The-Big-Malware-Repo-main.T-oL8WOD.zip.part
| MD5 | 0200fa51ca5c0d039b5dbb5a972a39bb |
| SHA1 | 621f1fa52ed823aff4caec959279e53fd966d083 |
| SHA256 | 766be786fb4a1c6fd600db396ec6dd3d73c4f347465e5edd37bacaeff1b2534a |
| SHA512 | 249b59b6baa651e290efea6669ccbb5d2620a1d164829088331ade3d73331442581e3758390ce67ba4c179120b9ddb345692dc01d0a5d1755c3f8dfb50bae4a2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 59bc069d332d566b50a5d191d857493e |
| SHA1 | 6b6a6f7b2e8628b2c3993c375725975001c8b4fc |
| SHA256 | 56f5a967768d19f91309400f9ef2d7a27e61dcb37c123a04a8496b914e7fadae |
| SHA512 | 1526ad94b09beadfb9cf4d7555d07db5ceaac1fbe6ccb370164475d2c4d49e85f8b2b80e5207e64ca30fc5a077870f6af6cf8c7195784108719ae91868d6b375 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\B71ahRmvZorXlt1wrjsoSg==.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3PGMT7UBR8PEJ7PWR5ZC.temp
| MD5 | 9edee0d967f98456300b83939aad0eea |
| SHA1 | 3bc8a7943c4243e378758eefa9e88119c741d023 |
| SHA256 | a8c2de6e42704641b1ad3bcb440e0fe80f60e8fda1fee9563661f7459317206a |
| SHA512 | c549017ec3e740dc8706a39e9f35c008c7c69d466b1081942e6abd9df47c480f418f9748a720ee3de82484c5783f31f97cb4666eda4546ce221c66d6c9d63c35 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d24a1d47bead4bd2cd5e957506df60d9 |
| SHA1 | 1529dceed665346122e9b2d448ea8c52f9492556 |
| SHA256 | 7d457dc47e7df148903e7b44fc4c3b9bd6681cec7689369ea9c57b33dfc38619 |
| SHA512 | 7dbaef5e18d2e7db97aa34e0d62b18cd6972d4412ba397fc3d69a8e8a57ed3c62213fcb5d5ccf50a373e791b22de785080839a73c2a46cfb617d1e8983f6b478 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
| MD5 | e023e3712e71175d4be1cc40173bdff4 |
| SHA1 | c6ba46da56eadac3b8d0cd8872116e1e77060a95 |
| SHA256 | a5fb5b76e83a81ee891c2b567383cfc606ab222ac207ea232506f2a9236d867a |
| SHA512 | c3a84cba45fe78806fcb75f5a69f00ff2e47077a7343a146a03846b991ab9896353d388e6a5b6e35604ab3addc3510a68b71ccbe1345165570cff6198c01936e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
| MD5 | 9f530f433dc18f5926ae3fd82512f7a2 |
| SHA1 | c5a524a90dc21f0c522d1edc28dd22ba492d5c3b |
| SHA256 | ffa357867dec302ead6a483712c3efef977b4c2400ebab465b8b65a66cb590e9 |
| SHA512 | 2070a61ff74827d5f18d661fc66d933dc7ce5779b741ee21e9009abc5c9c8475b61ac42385e567c14266ef761f5919883d68dbcc2fed5ac03b52016b2ccd7180 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
| MD5 | c0466dda5ebd7be13f89ddcd0c000dd9 |
| SHA1 | f78f33f463871e55956ceddc324979a40d57e2f4 |
| SHA256 | 9ece8d6f7a83413e6e44e9b7fbbaa111832faff78a3d833cb9f208d39856c3fc |
| SHA512 | e872be19f4ae2fa3c8aebacf6446739222da2b02b0ea0bdb48c190708f7b362ed1005b869a727bff5ca3139d5ee0b809f3fb74fbb82c784c68edf3ce0f3a285b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0
| MD5 | 0342f37686d6257594772634224c99a8 |
| SHA1 | c51846a360339377f8bc223ac5801a348baabd92 |
| SHA256 | 3ac0fe262a3130af312202741405ecb755f2790491b4f2a92235e78331e3b28a |
| SHA512 | 4cc462783e0f25d401352403c9202a00d7c3d59de317549d4d8fa913a4dce84250956430e2183414bfc2a4f6d2336d618ccbccb0906b8627e358a13de561d879 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | a20dcdd581a69f44e7dcbeeab5084fb4 |
| SHA1 | 61e152b89ab8a04af1843bbfee557d193924ec51 |
| SHA256 | 009768e52ded8da33ac7d96d521e882eef9765278997f2ce47311f637696d9c7 |
| SHA512 | 77de84bf9c5480e704991bc16d8f555dc10891e3a5a7044fe2b133cc49d20ebb78c68bbdd4c9a4acd8e7424bce28a00bd3651f3b852a2a726f3f879a741cc7ae |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 66b3894466136a894d235f8f179434c7 |
| SHA1 | f784ecd350a1407c49576efd92ad9c81d522c684 |
| SHA256 | 8f4911168396da0ce123d621cee1f9d49949a0ffd22911c37a1929f8f146d0c2 |
| SHA512 | 16c80636b95f4849783c7dc51666d2686c9ffd18efde14d6eacd133fb5f4318d24973f31d80349482e6bffe69c5dcfd9eb8f102e3d349c4a5b31774180c37310 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 8315d4fd9719370725f36ccbf2a925dd |
| SHA1 | cbca619082859c1ee22ac43fd6a5d1498a10adb7 |
| SHA256 | aae55c8a8ff9a5287fabbedfbf7df250d303e36a4963d0fec6847646015726cd |
| SHA512 | b98c0a21564b37258f701e0250253bfefd36d44904b35ed8400a9d6067e04f3acc4c6c2f1130bcdc48c17f1b542b3ae9573d9e0864f63ef6b9e6a066d06239ff |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 8e07a40add9e94125b7d4703d942fb88 |
| SHA1 | fb88e7a31ffb11c8ab6f42d19ecdd9fe151bc2ed |
| SHA256 | 06714721dbf600371b08eb0b2b81c5077f06ed15da2d3164dc20b5b8ce39f87a |
| SHA512 | dbbd0a10b66d9049073c73f8c6436077c9ec6b49c81eb38fa242d8d2d1c7b206511f8fcc874b8078efa282841d4da6b8a7704fa162c774d818a4d908b0c900b8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\responsive.search.1.0.4.133.min[1].css
| MD5 | 191acb4a225687f615e56dadb2688681 |
| SHA1 | 47c33c3fdf2ff46990fbe764ccef961974f1a941 |
| SHA256 | bbfeea95c11a1a6049692296da37bb67c0162d39482165fff4543069361b98fc |
| SHA512 | d8d5a7f8af55fd132c495a153d0aed77a8a33c2db9014b43b2024a1729d2aaf268d07907ca0188de1f49016573daf294e08c907958fa307d49f93e0d229608fc |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\responsive.core.moray.1.0.4.133.min[1].css
| MD5 | cc06d54b8c334d95786fe530760878ab |
| SHA1 | 6101684547a56fedf27d50ef3defb09d800669fc |
| SHA256 | 7742d4d4fd8f0946db61c0cf2a7936443d3bab738a54366dd6d2efa6264a553f |
| SHA512 | 51a0a610fd470ffa084f630444d746203820f0cd57ec7d1f7ea8b2f49307df5c0161e4542179eb8abcd219ea4f704c186f053c6b7654003e9fcf2427dce56d70 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\site.1.0.4.133.min[1].css
| MD5 | 3afea3e37b6b00c3684a143167156c1e |
| SHA1 | cf7d2cb177a382a5c7591736608b17231d61aa98 |
| SHA256 | 07d62b7400714fbd65aaa2053e8165562e3a93b29af619f59edfbbf8d065a20d |
| SHA512 | 41813753933e5636e57589e01444de639578edeab986c8d60cca2dfb006a2ea5b031f4d0d569c40945183917d4f97cdc94327ce0dc4ebd04b74617ad23e21c81 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\RE1Mu3b[1].png
| MD5 | 9f14c20150a003d7ce4de57c298f0fba |
| SHA1 | daa53cf17cc45878a1b153f3c3bf47dc9669d78f |
| SHA256 | 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960 |
| SHA512 | d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\moray.main.1.0.4.133.min[1].css
| MD5 | a803fb1e4939fd155fc9a43a5568aa91 |
| SHA1 | 486ade947ca190a8646c61d89250fe3f13a8833e |
| SHA256 | c3a199c3f1e76cc10a583dfc7ddce2ca674aa4a3f56362f1e1a8dc086d905034 |
| SHA512 | 459b25381a8cadd73c53198ff1ce5f625db85ac569b25ce89c04af4fafc679db8bfadec326e44a1201b6fedb4fd158c9496d844b9c5be0f22047a48fb28efe3c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\ca-ae3ce4[1].css
| MD5 | b7af9fb8eb3f12d3baa37641537bedc2 |
| SHA1 | a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4 |
| SHA256 | 928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71 |
| SHA512 | 1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css
| MD5 | 77373397a17bd1987dfca2e68d022ecf |
| SHA1 | 1294758879506eff3a54aac8d2b59df17b831978 |
| SHA256 | a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13 |
| SHA512 | a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\-io-xMNCwasGqLymZ_-Hy1lHlTU.gz[1].js
| MD5 | fbf143b664d512d1fa7aeeeba787129c |
| SHA1 | f827b539ae2992d7667162dc619cc967985166d9 |
| SHA256 | e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff |
| SHA512 | 109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YP09M5HB\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\WAAHGo-kP0xCDM16LGm9-alzHb8.gz[1].js
| MD5 | 9085e17b6172d9fc7b7373762c3d6e74 |
| SHA1 | dab3ca26ec7a8426f034113afa2123edfaa32a76 |
| SHA256 | 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d |
| SHA512 | b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js
| MD5 | 56afa9b2c4ead188d1dd95650816419b |
| SHA1 | c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6 |
| SHA256 | e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b |
| SHA512 | d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\Qv0Qmkr6gTkjO7zSw-CS-5ZVfHE.gz[1].js
| MD5 | 5463a4fcc6967dbb06c1c51e3e1d80db |
| SHA1 | a47dc8a729719b7f88521ea56fb38d6f71be21cf |
| SHA256 | 9c4df84d46da7cc013cf9fb07433c6bc40d75f00121993ad51036fcdcdd145bb |
| SHA512 | 3b18dacb21624e993e8946fa69d9482a05f8f188ea313b06eb6707210e5f15c5be7d1b0f571ba20b2d56686806ad4fff870ea6fcf84e851586c518f62cf29302 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\Y806JrL6RagU8tqNI_iN1M1S1mA.gz[1].js
| MD5 | 02b0b245d09dc56bbe4f1a9f1425ac35 |
| SHA1 | 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673 |
| SHA256 | 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6 |
| SHA512 | cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\jYkYz7NXYQ59P1lMGYsnYUM_0m8.gz[1].js
| MD5 | d6741608ba48e400a406aca7f3464765 |
| SHA1 | 8961ca85ad82bb701436ffc64642833cfbaff303 |
| SHA256 | b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c |
| SHA512 | e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js
| MD5 | f4da106e481b3e221792289864c2d02a |
| SHA1 | d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994 |
| SHA256 | 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9 |
| SHA512 | 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\ARoBVs97L6Gwx5KgtPU1a1RcF6s.gz[1].js
| MD5 | fe1f9add646fe3c4eb695f76b6eccdfc |
| SHA1 | caf4f7fd1142398e9a9386bce595afb66fd41c77 |
| SHA256 | 2d790381800ec6ddb18f82658ff2515866a1e3e470b926d46dd8b46ffffa7403 |
| SHA512 | 1f621757daa2864d4d258c6a69a60490df224ef5dd86a230f8d410e50ac1423a9e0dcb44225c17be2dd14826c54e545626b991cc7741055ba96d1d95d638a24f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\Ymz2b9mIH-9i430DH6_cbhGPzdE.gz[1].js
| MD5 | 9a4dafa34f902b78a300ccc2ab2aebf2 |
| SHA1 | 5ed0d7565b595330bae9463ab5b9e2cdbfdb03c4 |
| SHA256 | ba98a6ebc3a03098ca54973213e26f0bf9d1e7e335cdfc262346fb491c3cad69 |
| SHA512 | 1a8b4fce1c0e585bfcf8f11e0192fb04a80dbde7035a9c8fc426cd6383d6902bd77222331372ea33aa50d92b7cc7965656b11f480085af70267b3fd8355ebfd4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\byLmVJQA1UzOFcrs9Jrvys4jXhM.gz[1].js
| MD5 | 2ef3074238b080b648e9a10429d67405 |
| SHA1 | 15d57873ff98195c57e34fc778accc41c21172e7 |
| SHA256 | e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da |
| SHA512 | c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\VMlMidaxpY_tY7ywmhfPF53xdoc.gz[1].js
| MD5 | d42baf2a964c88aaa1bb892e1b26d09c |
| SHA1 | 8ac849ca0c84500a824fcfd688b6f965b8accc4c |
| SHA256 | e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c |
| SHA512 | 634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js
| MD5 | 0c2672dc05a52fbfb8e3bc70271619c2 |
| SHA1 | 9ede9ad59479db4badb0ba19992620c3174e3e02 |
| SHA256 | 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39 |
| SHA512 | dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js
| MD5 | 17cdab99027114dbcbd9d573c5b7a8a9 |
| SHA1 | 42d65caae34eba7a051342b24972665e61fa6ae2 |
| SHA256 | 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de |
| SHA512 | 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\2lP4-Gcg9EWt6YVOrci4x9k0fXQ.gz[1].js
| MD5 | c63e610f6bfb2687ee044cee7d3e16c7 |
| SHA1 | b78022432ac754cc41335341a8e07f2676bad789 |
| SHA256 | c150d5e192ece8d69ba8029d87ecbc66674013b8418264cc86f0abcb0da0a38b |
| SHA512 | 11029009d8d0885d16a4b546816cc0f22f51ffd035fdd87d58eaf432017947460a1a78a543c0eb3875af49342a240ea606aced23654bc190ba6a4b7101e13a3a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\kQ6wepHqrhSvkEN5YIou0Xit1qs.gz[1].js
| MD5 | 000924653089bc62ec4ad13e65669311 |
| SHA1 | c4a5fdd00192ee02bd783b93ed9c39495b47f3e6 |
| SHA256 | c77f2b9b5001110f3a0885b7de784493612a7ea9dcb5defc74caeac5ce799d5b |
| SHA512 | d77650b346576e678b3895c9d1ecf43c69806f4048511c5bc826397ecf3ac3e84558f036d2461f8d43c8501684be4a2880eef930fa31926c48a39c01451c7b4b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\rEyf5r6GntWGoi90dN9CzUTNUOc.gz[1].js
| MD5 | 8898a2f705976d9be01f35a493f9a98f |
| SHA1 | bc69bec33a98575d55fefae8883c8bb636061007 |
| SHA256 | 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108 |
| SHA512 | c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\fHuyi8cU3N_FKljgNDAU8JiBqx0.gz[1].js
| MD5 | f1cf1909716ce3da53172898bb780024 |
| SHA1 | d8d34904e511b1c9aae1565ba10ccd045c940333 |
| SHA256 | 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01 |
| SHA512 | 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\fDgf7Oh5R8mPygWLQcaNRoJGj5Q.gz[1].js
| MD5 | 3104955279e1bbbdb4ae5a0e077c5a74 |
| SHA1 | ba10a722fff1877c3379dee7b5f028d467ffd6cf |
| SHA256 | a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1 |
| SHA512 | 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\l2ZGlGtYcjsLZbymH5iHvGzi5Dg.gz[1].js
| MD5 | 65125851782a676455b556d771d3ac70 |
| SHA1 | f201fd1277fc51d53ebb8611cba3eb2c083bb3cd |
| SHA256 | d763f1e7e5ddde8e9c79bce466a9f4fffbd1fe8018e46ae7c75df5fdc29cf8db |
| SHA512 | a2c9f13bd9be96d7fadf43ff1b02ac357767b432e63b80394ac86864ce3f8bf306c5cb52489240540dde87353451eef2d298f840c585670d603c31694c4abd29 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\we5MTeTkjiic9oaBxzZpmSWxZ5k.gz[1].js
| MD5 | 8c8b189422c448709ea6bd43ee898afb |
| SHA1 | a4d6a99231d951f37d951bd8356d9d17664bf447 |
| SHA256 | 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff |
| SHA512 | 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\dWoBZo5dRP3bgmUuN5Vqofu8kbo.gz[1].js
| MD5 | 7a0dd3b8ac06a6b4a01953955606ed27 |
| SHA1 | af6453882542d8bd119a768c025af1c94bf7b3ca |
| SHA256 | f1b3acd8757d2c9db87cb851eebf25909c0355483520475c2ed1f29bb36e062a |
| SHA512 | e5cc3aa206c4a62e746ea9743ae92fd5efb4d46f12c9f51ba04eefffc58e04fc8b085eb0fbeca42290a8ecd3d8c07b40ad80f80db3cf3309d098022f948865c2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\3tdN5-aUjXHlyFDCP-W57B-Gjkg.gz[1].js
| MD5 | 0c0ad3fd8c0f48386b239455d60f772e |
| SHA1 | f76ec2cf6388dd2f61adb5dab8301f20451846fa |
| SHA256 | db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7 |
| SHA512 | e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\2MNFZoUV19wQglFaxwi8z4iyQlU.gz[1].js
| MD5 | 602cb27ca7ee88bd54c98b10e44cd175 |
| SHA1 | 485e4620f433c02678be98df706b9880dd26ab74 |
| SHA256 | f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8 |
| SHA512 | b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\w1gdrM6p5Kmzh4Gi9fKcTaefJ1s.gz[1].js
| MD5 | 16050baaf39976a33ac9f854d5efdb32 |
| SHA1 | 94725020efa7d3ee8faed2b7dffc5a4106363b5e |
| SHA256 | 039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55 |
| SHA512 | cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\f5M90q9eKVXkGU-DAv9Aa4jef2k.gz[1].js
| MD5 | 8d078e26c28e9c85885f8a362cb80db9 |
| SHA1 | f486b2745e4637d881422d38c7780c041618168a |
| SHA256 | 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461 |
| SHA512 | b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\NRudXMsXYtnM1BQyD6xvAZoudZM.gz[1].js
| MD5 | 2ab12bf4a9e00a1f96849ebb31e03d48 |
| SHA1 | 7214619173c4ec069be1ff00dd61092fd2981af0 |
| SHA256 | f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac |
| SHA512 | 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js
| MD5 | fabb77c7ae3fd2271f5909155fb490e5 |
| SHA1 | cde0b1304b558b6de7503d559c92014644736f88 |
| SHA256 | e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c |
| SHA512 | cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\SO02eTikN8ZV7bCSXFKur4CKSoQ.gz[1].js
| MD5 | 6c2c6db3832d53062d303cdff5e2bd30 |
| SHA1 | b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d |
| SHA256 | 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70 |
| SHA512 | bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js
| MD5 | 47442e8d5838baaa640a856f98e40dc6 |
| SHA1 | 54c60cad77926723975b92d09fe79d7beff58d99 |
| SHA256 | 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e |
| SHA512 | 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js
| MD5 | f5712e664873fde8ee9044f693cd2db7 |
| SHA1 | 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4 |
| SHA256 | 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2 |
| SHA512 | ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js
| MD5 | a5363c37b617d36dfd6d25bfb89ca56b |
| SHA1 | 31682afce628850b8cb31faa8e9c4c5ec9ebb957 |
| SHA256 | 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f |
| SHA512 | e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js
| MD5 | cb027ba6eb6dd3f033c02183b9423995 |
| SHA1 | 368e7121931587d29d988e1b8cb0fda785e5d18b |
| SHA256 | 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f |
| SHA512 | 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js
| MD5 | a969230a51dba5ab5adf5877bcc28cfa |
| SHA1 | 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265 |
| SHA256 | 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f |
| SHA512 | f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KM1KK7OJ\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js
| MD5 | 3ff8eecb7a6996c1056bbe9d4dde50b4 |
| SHA1 | fdc4d52301d187042d0a2f136ceef2c005dcbb8b |
| SHA256 | 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163 |
| SHA512 | 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\KWqNO2aZe6YJFeYtVL2of-Fv82o.gz[1].js
| MD5 | fd88c51edb7fcfe4f8d0aa2763cebe4a |
| SHA1 | 18891af14c4c483baa6cb35c985c6debab2d9c8a |
| SHA256 | 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699 |
| SHA512 | ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8POXA1O1\cTjovfJ8fuNtDtyC0VQH35vgAUI.gz[1].js
| MD5 | d807dbbb6ee3a78027dc7075e0b593ff |
| SHA1 | 27109cd41f6b1f2084c81b5d375ea811e51ac567 |
| SHA256 | 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7 |
| SHA512 | e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\W8bLYGpay8IFp3H_SrUDKaBAn30.gz[1].js
| MD5 | fb797698ef041dd693aee90fb9c13c7e |
| SHA1 | 394194f8dd058927314d41e065961b476084f724 |
| SHA256 | 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da |
| SHA512 | e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\Uwndwd-qWHEaU0qRminFp8JV8EI.gz[1].js
| MD5 | 45345f7e8380393ca0c539ae4cfe32bd |
| SHA1 | 292d5f4b184b3ff7178489c01249f37f5ca395a7 |
| SHA256 | 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9 |
| SHA512 | 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\dkZ2l5w8MStP127q9pCadKroljM.gz[1].js
| MD5 | 9eea9837e495beb2ff95f8e3e4822012 |
| SHA1 | 954b02acb8612aeef42a5f13c89d4e39d5a103aa |
| SHA256 | efb778bdbdea1982b3cbe5c1a6244c2ae69b986fbc01f3b2117f93f1347e9fdb |
| SHA512 | 5d604187a80794f0f808bb17a1c8972ed7924f0b16fbd704bc8f9c3747fef893191ad7b6f22303f2d28788f99f83c70c34951a9b7182b4637c9720560be34edb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js
| MD5 | b743465bb18a1be636f4cbbbbd2c8080 |
| SHA1 | 7327bb36105925bd51b62f0297afd0f579a0203d |
| SHA256 | fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235 |
| SHA512 | 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\2IeqNnpxuobNf8w1fP2Oy2HEFfk.gz[1].js
| MD5 | 22bbef96386de58676450eea893229ba |
| SHA1 | dd79dcd726dc1f674bfdd6cca1774b41894ee834 |
| SHA256 | a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214 |
| SHA512 | 587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\g2mFaePdYzQOubI8JEItbebrED8.gz[1].css
| MD5 | 6d94f94bfb17721a8da8b53731eb0601 |
| SHA1 | ae540db8d146e17cfc3d09d46b31bd16b3308a6d |
| SHA256 | 21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd |
| SHA512 | bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\VbSztIaSY8XAi9dm3h6m51N3zH8.gz[1].css
| MD5 | f8a63d56887d438392803b9f90b4c119 |
| SHA1 | 993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5 |
| SHA256 | ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3 |
| SHA512 | 26770bb2ac11b8b0aef15a4027af60a9c337fe2c69d79fddaa41acfd13cac70096509b43dc733324932246c93475a701fd76a16675c8645e0ec91bd38d81c69d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\tPLNa5UcMaQEzzg0acZfPM45N6I.gz[1].css
| MD5 | 9baa6773c6549250a3393e62c56eb395 |
| SHA1 | 5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d |
| SHA256 | dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2 |
| SHA512 | cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\_ykiGO1K5rjAQeICdJheT3jfLeY.gz[1].css
| MD5 | 7a903a859615d137e561051c006435c2 |
| SHA1 | 7c2cbeb8b0e83e80954b14360b4c6e425550bc54 |
| SHA256 | 281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666 |
| SHA512 | aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FRRST42\u2k1jj84SPAViWHBjNpkhFEunis.gz[1].js
| MD5 | be90c5657fc460ecac37e9562a61398e |
| SHA1 | 78da66ef6053a78cccab6e0d6bd7d7d18c6cc3d7 |
| SHA256 | 365cd55be8d007923569c20fffc7303d0b2b99f176ab5a99fc275ba1fcd65fc7 |
| SHA512 | 778d4fee82c12eb2816503ad826ddba720dc29944f9efeffb0a9fd2457c1fe9cc3870f6024f22044f98a50be06ac1a85ca4a8c51fb0727225ea281c2bae03a10 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 24f8cca7079ef989c6fffc82c8663161 |
| SHA1 | 8f8d45fcfdf52cf8825db40eb30666cf6a9a92ba |
| SHA256 | 2701b85916d765f0a8654597745f64ab3f9d0221d7242f0d7e5ddb1741b00ba8 |
| SHA512 | 213884e4b04cbc81c4654f235480b233bed30c2b86a56eab4b8697901f844a025ac22ee7e8be67425d5341d825d31e4ad6ccaa01e98b5431925d4f40e223d1d6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
| MD5 | 2d75f2b665b4f972dcbaf10254bc5ea9 |
| SHA1 | a87b8e123cacee14cfa8f7f641991e25d1b2d729 |
| SHA256 | df71cfdfd56d96fc17fcbab0fa2d47e720affc6295db63256f96080fc8dbf438 |
| SHA512 | ef011f648741dc5ae5014bd59a24bd1514b8654229f3e3d43fd5b0382d7554bc600abab7358c106fdd6eeade7ee0c7747ef30d0628634cfa69a24ae6a87ac2bf |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
| MD5 | 404a6678ce128cc08c7e0b5057d6eec5 |
| SHA1 | 5a556e7129b65149d9856ff485c01d1d20280825 |
| SHA256 | c578283f0379dc5e5e8e04fae4fc50cf801af5171e68e43aebae79bf6f127f0b |
| SHA512 | 51baa94ae9d7318ee9a5e0b7f4772e38eced21cc08a54dd21f824cb7bdeded7a6309a6293544e526b770598e566c5d2997c6fbeefefad63b7924f624e523daa7 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | 7340557e926e70af8d9abbc588fbde50 |
| SHA1 | 26451e56586c6e63cd233adb9c16ddc53cc095c7 |
| SHA256 | 4fb2766516d58344c7b766f5f8007276792b56ff99a091f07de5c507180a0a47 |
| SHA512 | e819b305575d212c642cf08a617ee1eae03b8619cd738b48745b93c71b9795e43f4a6c9c572d9c825a158385228833fe3e436a1de2d2c98a057733e089c747bb |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | daf28fbb2a54e1bbf373478725d18851 |
| SHA1 | ac21314df3a3117fe2102a4994be1847fb9a85d3 |
| SHA256 | 78a1bac98322df1e5e9f62531eeb6deae20aedc249ec913b44d5b29dde778f0d |
| SHA512 | 2331c33d1684abc7284f72c6390e89b480ac39d1fe4261960549cfccc07ee68adbf4532204ce74fc87da6891baca9deb68f9950a186a5e275662b081f59446e8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R2LDOCJS\favicon[1].ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | ff67864dc6b74ccc0f26c0cb9dc6a7ea |
| SHA1 | 614159d21a6ffc589ec143ff2dd0ab091b35a697 |
| SHA256 | 1fc41bcc619d5eac3b14f336d4f2f38a317685d292a73d6e7ff578ab3b3fd38e |
| SHA512 | 54103c0988b3d144f3b702fbf6cebd666eccf3fd4d359b9a757ae1d9d60146b98c7ec17280e28fb58a4a76adaf2ed75dafc20d4d01af38d7c0031b5d9dc77bf1 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 157b40bc57a101a60838e98a38f41505 |
| SHA1 | d72c30ad8de1b71cd516cd614e423e114f8c390a |
| SHA256 | 3c0d366ad43d856109770504361ca3ea91821b741f660867b8d316101218d1f7 |
| SHA512 | 7a36d81b97aed395d7932131091aea27b97bd27793f33fdd8cd157b2599a606c41ea7e65a3a0fb393b74cb48cfe89155349ccaba32e8d863e7b5747e42b2c277 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\Bonzi[1].zip
| MD5 | 87f7b3fbf921de1af35dfbb91880acc6 |
| SHA1 | 8186aeb7acd34b20a0baabc2c11286a0f84ad83e |
| SHA256 | e3b603f8167cb6e805b5a42fcb2dbb6cff92cdde9a066629d30efdb675fd7f23 |
| SHA512 | 4dab15a510bd37f081f2060cb94f031dcaf37d65f0cd90f58a16617286033e7a177ab9af26b3d6a10887d20268c5c1ccdedec82c92a03a9176980bead35f0584 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\Bonzi[2].zip
| MD5 | d07f096eba56ee9602ef3e595c4ca9a5 |
| SHA1 | 06403c0dddd399af92bb3457ac1ac386809f54d3 |
| SHA256 | 8213ff9a1aaf6d3704c9a1d35f6295d654e0f8d1e30f18e37a2babd6fa7bd6d8 |
| SHA512 | 868888311406764fe3a3082f2eae7f24f1075e419354bbfd9bbdb00ab890f71f1ca941a8265b274acd0bf98e475a947c6d496aefcbfd49a923cd660f8dc569c0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB1Q0ZE0\bbsetuphom[1].exe
| MD5 | 3694c1e5ccdb67a3c83c37acff0a0ede |
| SHA1 | 07549f50e91ac77fc29053c4a91b80596700b9d7 |
| SHA256 | 015d21c92401276d4548395efa9b90aa2e540510aeb5da8ec895bff9de5b90f4 |
| SHA512 | 1a1141f5c9f3991d7969e7da219c0946488b9e8bc15ba85169d2d984426180efa7c844c42909713f65c5eda82523297b1422a8e9fda464be526458f5f8c90958 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | f20b78be2e26be90013825b43bda7c53 |
| SHA1 | a9c889f9a32fd60dc63911b2b5799f58ef0cd75c |
| SHA256 | 43c792f9e0344cf44d75f1b9adde369cf8dba4fa01ca8624ab4fbf9d4b69c9c4 |
| SHA512 | 24e8d1500e1d391518e39bdf9ad1e998efc2c71bb53996f7fbd4d754337c9cb30fcb3adbd4df422a0dbe154067694a131c441a054297e594877d106956e31808 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
| MD5 | 28007156cbf8ae9ceecfd99cd25f11d1 |
| SHA1 | 33e651cb007b6351d2ff5511b7ff687d742ac457 |
| SHA256 | ddedb322aa182a451796306e2c137c1bbf50175f3bdcc7e7228edfbf6cfdf8f7 |
| SHA512 | cab840515c8e901867d06e10f17cdaf505523c0f72ef3bd49da07562b704d354f0f3ea53a0ceea8f7e626928dfdac00e3ea2c429746d20b9c9b26c2b19a8c36d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
| MD5 | feb9b2a51ff28ac0ef4143c54e598b38 |
| SHA1 | 2a6d275100a5e816d33b0b797fcb10baecbeb150 |
| SHA256 | 94c3ba4f613e775cc4eeb434a431dc5cf8fee6f7e19c8db7d14c5f14130cecaa |
| SHA512 | d93deb3cf4bb672e66357dd7ea5ee562a8aa8889fd7ff65639e68c9f208a901e329c07d30340356af24d2e713f541812e04132ec151ea18aca1ace60b1aa74e4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri
| MD5 | b8da5aac926bbaec818b15f56bb5d7f6 |
| SHA1 | 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5 |
| SHA256 | 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086 |
| SHA512 | c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
| MD5 | 30ec43ce86e297c1ee42df6209f5b18f |
| SHA1 | fe0a5ea6566502081cb23b2f0e91a3ab166aeed6 |
| SHA256 | 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4 |
| SHA512 | 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 737005d6d7b76c94e918ed052eca7776 |
| SHA1 | 77d9f643ad42b7177a27567c46cf42beae4e9841 |
| SHA256 | 101c29e13e03a2226280256271a76fda05a2bc0d352cc27d697d5cd734d8df3b |
| SHA512 | 3b172be6fdbfeb93ea71d56bccc1a43bece0f92e6abf5dfe2f33744dd4ca9ef4698d1091c4b4ea23537b0a24983765ca0ede862ce19ab88de2a5cecff4ed8850 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18965
| MD5 | 23b1744300fe3d026f6b96fae87e3e8a |
| SHA1 | 804b7e0571e4a30b6e29d7537ecd6a62334ee28d |
| SHA256 | 73f094df38081da7fb3eabfec8c4e16066923cbac0392526e2aada016607a7ca |
| SHA512 | bbf65e2ffe5b866dc3d3503613179426e948dc2e5f41311e63132c01a33200d064994f32d192ad9c1c3fe2d0f824425cf415098dacc63efca666f009520adf9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bcf159387da81edbf36e58388fcb2b22 |
| SHA1 | 74a221c05eb21234712bff64d4697f5437e2665e |
| SHA256 | 6c6ca698c1c79f06d81d4437e4fd6ac2b28956d1ae48058e24f2b13b9cf75624 |
| SHA512 | fec6d5ee261fcb2e26a1d6551ac9b0c5b72fef97b3a9df9abd2ee7431d47ecd823dafb58b4ec91822c661d45472553b007ed15ce434b54c8f5b142af4e4e7b86 |
C:\Windows\INF\c_fssystem.PNF
| MD5 | 62aa13d8b35622154eda5c68242c5cea |
| SHA1 | 4abfe389a2ccfa46bca53ce6dc7151b7ba63cb3d |
| SHA256 | e7841792feccb1e8d8bcd10cab9d2da62cbd9c7c1065588f92b4a12499d86056 |
| SHA512 | 5b882b5dae37bc783f34a5efbd6e83717d99e871f5a5de46423eceab4b2fd525d4cf71ebe6b343e5b1f17d281a151bc97af7e01e73958efe208ced5fb13ef569 |
C:\Windows\INF\c_swcomponent.PNF
| MD5 | d2e123b50b01ce3ff8cd0a86831782ee |
| SHA1 | 8fdfbc45ab5a292967d4af34365c40ee2fae46c0 |
| SHA256 | e9d91ba628f46611fe2b5891128567c414d51b76ca77e95eb1d10b69361cb1bd |
| SHA512 | cdc79d83ea020a0695667df1519d0c1f1f219e902868734eb99a7e8f3830a22be3b8bc5d6116e6c951f686b934d433d3ee4ce6d7ae216a34b4948d36862d174e |
C:\Windows\INF\oposdrv.PNF
| MD5 | c26d33a25b045c835ee9595317eaf102 |
| SHA1 | 53095ef246a4f32ec632c7b8bd609635d577c46f |
| SHA256 | f2666e3b3c38d703a1fb36fcd6bcffade64d395745941ca4069ee11154be161a |
| SHA512 | 644fe10f92a41f762962660facc47ade22cd08f5387e21053802e39ac422f65464797ca52873064f4fdc4423cacdb96845bbfecd19f30c77d83438825baa8517 |
C:\Windows\INF\c_apo.PNF
| MD5 | a752b8620d4bd7826bd234c78d118cf9 |
| SHA1 | 2d9cf67f18dd3b0ea611b482c2baab4184fecf36 |
| SHA256 | 76498f215930b2f903e82c6ead3cf99ef1f99131a34f7ec1920895eb06fdce48 |
| SHA512 | 4ece5cfe4c37c5aaa178a2371bb16ba81aa043932f315e729b4bdd74412618ae8db8ffb7cd33f90ef623ebc7128bdd6ba701ae5365790a20bd8f15fa37a09d64 |
C:\Windows\INF\c_proximity.PNF
| MD5 | 09fb8e2ad904ae63c2af814974ad3f24 |
| SHA1 | 12754711551f2c582b717a5620da90dc48013b27 |
| SHA256 | eead3e4568a7269a55d00df4b871ea51fdd7ff39596d47febb05fadd935007e1 |
| SHA512 | cbcc4031316da3c943ce708a9f52224285def92dd32dbb4ad1d13f8417517b67c2c66bd099c485a67d985c7081d0a6a88c3bdba5dd127d74ed588e949db43a1b |
C:\Windows\INF\c_scmvolume.PNF
| MD5 | 87a63bf014e7691515d416f8a88e3cb6 |
| SHA1 | 3b0ce72ec4d30be6cdc6ee74d6ea81bfcf62fdbd |
| SHA256 | 71b45234b6853eb160290d80e19f81f5331633557723815b4bd8b3b83a1422fc |
| SHA512 | 39dd6cd5f1154eb9b701fc17ddf52e9af37feae4b913e6a701296c331392a8a3bea3603853f70d1e9e3a5b27da9dcdb34e5b6c0f7de50e9058fcb157308623e6 |
C:\Windows\INF\c_scmdisk.PNF
| MD5 | 2693258e0e4fb4753a2616437160e6a9 |
| SHA1 | 07ac5c652cc304b51522b83b84aa7d7a154a1719 |
| SHA256 | 65784d3ad3e7ee2dce8b8863d2e1c0b869a7c00da1f856d3bd764e7b6ccbc33b |
| SHA512 | c91a7afb295d0c21f40febe8cc885d9bcc3508b9e82b8ccf8d2fe57e79954a50fe8c208c352bc4ff0edbe2fefa97aa1302bca8d0602aae57e819489cf2e3d6ec |
C:\Windows\INF\c_processor.PNF
| MD5 | faae33656c78deb72ff9b3bdd673fa3a |
| SHA1 | 302b1f074d5a50636fafb2232e7928a05b05a30a |
| SHA256 | 9836057b14021082e33547621ebaa4c1e6ec7a314f9d6e3e683695843b2a3b12 |
| SHA512 | 5d5d17a3702255b8e0093734885d8adc44f52d5057f5566b30032551494aeb43ab149c98a686eac5f680f470f24c6bc7883343789584573add2cac01066ea7ce |
C:\Windows\INF\c_linedisplay.PNF
| MD5 | 54c30731629fce5613cefbc4182e3ec0 |
| SHA1 | 1f4b4aad14fbc75d2b45ee1a64ef4ce91d53fee8 |
| SHA256 | 08dafe01b152300cb65b794745d496f9681640b5bcfc46a294fb7de232e121d8 |
| SHA512 | bcdedb678391b44a6e3b432e64999f2f53f4eff5a9e98d9384f7e45f5545ab9f5c866dad360875898d9bf1161793bd06266fbfdc60a3deef82c957c756e02cda |
C:\Windows\INF\c_monitor.PNF
| MD5 | f5e1f09f4fe7de5824a0b319f857cca1 |
| SHA1 | 2fdcb9f7bfa12ead42d4aecde4914477a497bdad |
| SHA256 | facbf937528564de918565266bba29fb8f3e859ef167eeb0776f09f6ecfcb2c4 |
| SHA512 | f71443a01cff1fe5031973315eb9a98be30cf3bf39863e13858850e0e75472ca2c18775aac9fdb4b99c60c44a8d5b4078c621a7d0f58ebe0baed77bf95351f2a |
C:\Windows\INF\c_diskdrive.PNF
| MD5 | e1d75a297c6843068cfc24d4323e0b4a |
| SHA1 | dd661882722469c2e5047e3314b2aea61abbacc3 |
| SHA256 | 5b0c49a525c308e71296035a4b348281fa347edb853b9c8433fef33d746a7eac |
| SHA512 | 0c817081af0b53a6f08f5d0659cc6ab90c8303f84004899cfb42bad14cfb301d0099c5196fe9b757aa97bf66fab89ad20425015b04b5f8f7692928724f53266f |
C:\Windows\INF\c_fsreplication.PNF
| MD5 | 5833f4897bf09d8859d69e63c314fef3 |
| SHA1 | cfaab724568528bf8e24e693e2c356d090344c51 |
| SHA256 | 446f964e5c38e4774b44bbe46e1bf685506df31bbbb6801979c8113e017958c6 |
| SHA512 | b9858ed2db310d9d04872c4871521ecb2379d2891cea7ec12744242a0757893a37829328f038605f597f142cd6e7f3ab11accf805d66743a331ceac79057600b |
C:\Windows\INF\c_mcx.PNF
| MD5 | b92498b4cc923803b38d6ae0f9c87581 |
| SHA1 | 26f5d214d7370c72c188aa6718e153ec668b7bb0 |
| SHA256 | bf9e86e9fcc1af114df995b0892d01ec2e62a8a0193e009a94f17f9414957265 |
| SHA512 | c76e84e83bcb6948288976ce1910b28f3131d07ee7734df01d53a3af3ff977b9742b588dbd821dc9b301a4aa0bb78605ad5902988eaa85fbd297171ca9897066 |
C:\Windows\INF\c_fscontentscreener.PNF
| MD5 | 4c4016fa43ae5f2d4a5e88357416fadf |
| SHA1 | 4017a8b837736be6536f24df43ec0c25a5f0f654 |
| SHA256 | 99d62a02034aa2f4cd39a40c27f5a81ca07a13454417b48ab34ff41f52757c6d |
| SHA512 | e1696bab0858dd078ed3e386688d9995f87fd50922fddf052254298f7580a51a4029c0ec691c2f42d9accfa2af3ddc35abfeffb2d5efd393f77d01501edb23eb |
C:\Windows\INF\c_fssystemrecovery.PNF
| MD5 | 3bf43fa4942bbd93b268650fe6d62724 |
| SHA1 | 9b38d7af07092f20009fa671d1b5d1c6f322a984 |
| SHA256 | 5977eb8f7d226e6d24c2a4d3534c0525dcf3931542dfd9455b5b191450c1f580 |
| SHA512 | 9234c7f4ac5ec9f36f9c2b281ec131935e24c267c34de0ff47d8c54100e9aa7054cdb7a05980823ab769c223ed0acb10f22d5bddc19a4f19440ebcabcb9699da |
C:\Windows\INF\c_magneticstripereader.PNF
| MD5 | 21a08ffba0533138881adbc99e0176b7 |
| SHA1 | 1262421e368e7ac4764e4e71ae9a7aca1f130e1c |
| SHA256 | fee5a310ee14551bd5d876a108697ed2069d8ac6bfc70f93969cb998c4d5c77d |
| SHA512 | 6723547153550822c9e6ec200155c2bb25f1f5f17bf9e13e688addc313a2b8b089d8b7f85d4bae57935bf5aed9d616609cedcd7ffae2a812f194b0c0a3c8a82a |
C:\Windows\INF\c_sslaccel.PNF
| MD5 | 5b7d15fdb0710500928b2e38e463b10b |
| SHA1 | ff338ddcd826b90f3f175ac4e8fb7070452dd37d |
| SHA256 | e11ce784cfdc120a895c1dbec842e852759b7bff194469d4a189fa37566c5bba |
| SHA512 | 2c93dc15e59dc0cbcf3efe32d239b98eb78ae2e3d41fe548cc6f4a700c14491f1caf0f0e332f5f923533242461f94e7cb36f585480c07e438f3c40a6b6574801 |
C:\Windows\INF\digitalmediadevice.PNF
| MD5 | b6b50a844acf8ec6d551c58ba08064bf |
| SHA1 | ac2a03733d682c437612cfa7c913c62a93fea3ee |
| SHA256 | 807c0e1b043d75301d86867e4b994b81e5f62200aae77ec7db3b07534e810706 |
| SHA512 | e8fa0005b54f0be48f6bbe511757680137259bfd441dd04419fbd48b2ed1581346fd1708bb69139a0ce0547a01aea44c73965c064994eb2cd35b2613563b9923 |
C:\Windows\INF\remoteposdrv.PNF
| MD5 | e6e2316f1dadcb7399edcf6610f482be |
| SHA1 | 1dc93074b518d17b5b7076d18493af6b0c5cebeb |
| SHA256 | c6b9bfaac6250ef0d9236524557ae3874e30a54bc7b3a1ac249f6436752729fb |
| SHA512 | 654c73d398cf8ee17d41ed3aa7653246e26de827fdde6e8fe1062deeb87507d6f9a4acf0740ff3104b529713bf45dd8c20f80818b03ce748a23b6553288c6f68 |
C:\Windows\INF\dc1-controller.PNF
| MD5 | 4b67a0903b99c010a6fbc075d7320693 |
| SHA1 | 349ab69544b73514ef2533bb0ab870b18c35caee |
| SHA256 | b9759fbab3a835a5e62f964954475f651291b4e301c43445c0d86e3fe36f4afb |
| SHA512 | b919b2b9a90e67acdcb125f52aa21cf8ce09c8220b4ff1fe372440a758c0a2d077c116fcd75a5981fd41caf54c2316d945ea22538a2865b50cb307238d77caf5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 15:25
Reported
2024-06-19 15:56
Platform
win10v2004-20240508-en
Max time kernel
1796s
Max time network
1805s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4960 set thread context of 4092 | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
Files
memory/4204-0-0x0000000074942000-0x0000000074943000-memory.dmp
memory/4204-1-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4204-2-0x0000000074940000-0x0000000074EF1000-memory.dmp
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
| MD5 | 3e308fd2c93d1a656482bfe1ac76626d |
| SHA1 | a0d84d1137134e73a6144f8f803bde799e227031 |
| SHA256 | 5bc1b730c66a19fcd049b1dc6836fff5010995b32dbd8f7a18928120b6954458 |
| SHA512 | ef7e384563b5d4d2d2d09f3d99a6b33e3c83e9b70d0cf2d35dc1c22ff6f55da241427c0d50183598f55a03784164baec497eae5ab4aef136b6563375ef1e3c3f |
memory/4960-18-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4204-17-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4960-19-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4092-20-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log
| MD5 | 0a9b4592cd49c3c21f6767c2dabda92f |
| SHA1 | f534297527ae5ccc0ecb2221ddeb8e58daeb8b74 |
| SHA256 | c7effe9cb81a70d738dee863991afefab040290d4c4b78b4202383bcb9f88fcd |
| SHA512 | 6b878df474e5bbfb8e9e265f15a76560c2ef151dcebc6388c82d7f6f86ffaf83f5ade5a09f1842e493cb6c8fd63b0b88d088c728fd725f7139f965a5ee332307 |
memory/4960-24-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4092-25-0x0000000074940000-0x0000000074EF1000-memory.dmp
memory/4092-26-0x0000000074940000-0x0000000074EF1000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-19 15:25
Reported
2024-06-19 15:57
Platform
win11-20240508-en
Max time kernel
1796s
Max time network
1800s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 896 set thread context of 4032 | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
Files
memory/4656-0-0x00000000750A1000-0x00000000750A2000-memory.dmp
memory/4656-1-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/4656-2-0x00000000750A0000-0x0000000075651000-memory.dmp
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
| MD5 | 57e3af361eba4ec0d2ca783222b9fb39 |
| SHA1 | b37d0b563b9c3ec7782ff5bc729c18f73b7f72b9 |
| SHA256 | a5a5697895d60811019ad1954d3c5bbb8e5f6b36d3cb99a8af54661f95f6e5d1 |
| SHA512 | 021cd9c1a42ca2dc7dac586e7cb285d649093ff13d9a216ac40ccc29eebd2097ae15a38a027993270388bb96dd54f4639be61568653c7a736a314b9c5c9820da |
memory/896-18-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/4656-17-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/896-19-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/896-20-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/4032-21-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log
| MD5 | 120bfac9d59228edf92ec26d4bbfaf9e |
| SHA1 | bc36d828b7f358671ef0cb934c4ab2fdfb02b447 |
| SHA256 | c4c6e7ef90b460bf232e55933594a95ba4a2d156fa5accb06d1c7c2f817fcf35 |
| SHA512 | 684f086ff7d41d85782b21f5bc7e79584f5866f3c06eabbca2c5a697c1d142aa81e0dc25c78be978ba67e9e6fc014f3b62d1da114dc1bb009c7637491a619137 |
memory/4032-25-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/4032-26-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/896-27-0x00000000750A0000-0x0000000075651000-memory.dmp
memory/4032-28-0x00000000750A0000-0x0000000075651000-memory.dmp