Analysis Overview
SHA256
69a2ffd3f56dffa4727108bdcb807d883a996a95c4c41de2f5b9fa497c382691
Threat Level: Known bad
The file source_prepared.exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates VirtualBox DLL files
Sets file to hidden
Command and Scripting Interpreter: PowerShell
UPX packed file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Detects Pyinstaller
Browser Information Discovery
Modifies Internet Explorer settings
Modifies registry class
Enumerates system info in registry
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Views/modifies file attributes
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-02 17:13
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-02 17:12
Reported
2024-08-02 17:16
Platform
win11-20240802-en
Max time kernel
138s
Max time network
153s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Microsoft\nothing.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Microsoft\nothing.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Microsoft\nothing.exe | N/A |
| N/A | N/A | C:\Users\Admin\Microsoft\nothing.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\Microsoft\\nothing.exe" | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14169" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "15290" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "19083" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1075" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "10664" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9085" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14203" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14203" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1075" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "16826" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "16826" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "9085" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "16129" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "16826" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1042" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1075" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "9085" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "15290" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14169" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "16129" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "19083" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1042" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14169" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "15290" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "19083" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14203" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1042" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "10664" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "10664" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "16129" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Microsoft\nothing.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Microsoft\nothing.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C4
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Microsoft\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Microsoft\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\Microsoft\nothing.exe
"nothing.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "source_prepared.exe"
C:\Users\Admin\Microsoft\nothing.exe
"nothing.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Microsoft\""
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Network
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 142.250.27.132:443 | 00c73f808cbff2bed2e4566a5cc8aa1b.safeframe.googlesyndication.com | tcp |
| NL | 142.250.27.132:443 | 00c73f808cbff2bed2e4566a5cc8aa1b.safeframe.googlesyndication.com | udp |
| NL | 142.250.102.156:443 | googleads.g.doubleclick.net | udp |
| US | 198.24.167.212:443 | server.cpmstar.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| FR | 178.250.7.10:443 | grid.bidswitch.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 185.89.210.82:443 | ib.anycast.adnxs.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| NL | 142.250.102.149:443 | s0.2mdn.net | tcp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| GB | 216.137.44.70:443 | d20skogma9ce2j.cloudfront.net | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| NL | 142.250.102.149:443 | s0.2mdn.net | tcp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| NL | 142.250.102.149:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.102.250.142.in-addr.arpa | udp |
| NL | 142.250.102.154:443 | googleads.g.doubleclick.net | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| GB | 54.192.137.115:443 | detrlmfafe7oz.cloudfront.net | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 209.85.145.120:443 | csi.gstatic.com | tcp |
| US | 209.85.145.120:443 | csi.gstatic.com | tcp |
| US | 209.85.145.120:443 | csi.gstatic.com | tcp |
| NL | 142.250.102.132:443 | yt3.ggpht.com | tcp |
| US | 209.85.145.120:443 | csi.gstatic.com | tcp |
| NL | 172.217.132.201:443 | rr4.sn-5hnednss.googlevideo.com | tcp |
| NL | 142.250.27.154:443 | www.googletagservices.com | tcp |
| NL | 142.250.102.132:443 | yt3.ggpht.com | udp |
| NL | 142.250.27.154:443 | www.googletagservices.com | udp |
| NL | 172.217.132.201:443 | rr4.sn-5hnednss.googlevideo.com | udp |
| US | 209.85.145.120:443 | csi.gstatic.com | udp |
| NL | 142.250.102.156:443 | ade.googlesyndication.com | udp |
| NL | 142.250.102.154:443 | ade.googlesyndication.com | udp |
| NL | 142.250.102.154:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 154.27.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI39882\ucrtbase.dll
| MD5 | 1268674e0227fba666728f77e9ba01bd |
| SHA1 | bfb0c3b94319d2e524a0b9246b45edbd3f90c3da |
| SHA256 | 6dada6c2ae69c792cfb3e90aac122810052d845ce875364bde885eef4f8fe9c4 |
| SHA512 | 82a7956ebbd491294728ffb07f7d7effac44578bf4fb579449e129fca007271d5c211fe17e195c419c813280f2abe229fdfe805221e0325305e71ea04a361b50 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\python311.dll
| MD5 | 548809b87186356c7ac6421562015915 |
| SHA1 | 8fa683eed7f916302c2eb1a548c12118bea414fa |
| SHA256 | 6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1 |
| SHA512 | c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
memory/4708-1299-0x00007FF9E8610000-0x00007FF9E8C02000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI39882\base_library.zip
| MD5 | bec1bfd6f5c778536e45ff0208baeeb8 |
| SHA1 | c6d20582764553621880c695406e8028bab8d49e |
| SHA256 | a9d7fa44e1cc77e53f453bf1ca8aba2a9582a842606a4e182c65b88b616b1a17 |
| SHA512 | 1a684f5542693755e8ca1b7b175a11d8a75f6c79e02a20e2d6433b8803884f6910341555170441d2660364596491e5b54469cfd16cb04a3790128450cd2d48fe |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_ctypes.pyd
| MD5 | 2ba320791c95526c2fdb2adf011764bf |
| SHA1 | f80c591acaab83e041d0756e5e7b2f4cb231fc41 |
| SHA256 | 73a7c35c3146990295758152992efb2f012c2066a01878fabdfda7acd42b6565 |
| SHA512 | 25ac02e5177ffd885799262c5dbaa319fe5ba6167b9134377fd321bc3dd37ba487c3167279e0365039f81a6f498d23ebb44f473304a1fc63be36304a6468ce3d |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\python3.DLL
| MD5 | 7e07c63636a01df77cd31cfca9a5c745 |
| SHA1 | 593765bc1729fdca66dd45bbb6ea9fcd882f42a6 |
| SHA256 | db84bc052cfb121fe4db36242ba5f1d2c031b600ef5d8d752cf25b7c02b6bac6 |
| SHA512 | 8c538625be972481c495c7271398993cfe188e2f0a71d38fb51eb18b62467205fe3944def156d0ff09a145670af375d2fc974c6b18313fa275ce6b420decc729 |
memory/4708-1307-0x00007FF9EB980000-0x00007FF9EB9A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libffi-8.dll
| MD5 | 013a0b2653aa0eb6075419217a1ed6bd |
| SHA1 | 1b58ff8e160b29a43397499801cf8ab0344371e7 |
| SHA256 | e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523 |
| SHA512 | 0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099 |
memory/4708-1310-0x00007FF9F1FF0000-0x00007FF9F1FFF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_bz2.pyd
| MD5 | 4e37a3e1e62485fbbfb22250b1ec78fa |
| SHA1 | c9c7adf208a2444531fd7508eb306d6f6f9181b2 |
| SHA256 | 393249c5cb97e58251bc11e8aaae88294b6d5e9c94ed28ca0002b1958cb46570 |
| SHA512 | 4b02bde981c77422d5c1230adefe46f70b67a20fbd2da7cc18e8a5dfaa028e110141caf164423b0c60057e6ede32144d000a2d8dd6af6f3f399597555640091b |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\_lzma.pyd
| MD5 | d1347e8f92d3add8eaf2b53294be9438 |
| SHA1 | 3920bb7a621c13be46f53d1d86b3a06d56b4bd27 |
| SHA256 | f88748a9a677df9616ec492a02bae860ce5c5365c0e743d9e5a9fbf9198fc962 |
| SHA512 | b80542f8e61d6ac98efa244144e03c402a0aadfaa898b30a1b3964a0c800f384d7c1a174029c0b46bc697d0d724937c4a2e8e77b88aaf770fafe40b3017c57a3 |
memory/4708-1315-0x00007FF9E9010000-0x00007FF9E903D000-memory.dmp
memory/4708-1314-0x00007FF9EDCC0000-0x00007FF9EDCD9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-console-l1-1-0.dll
| MD5 | dac566c1f660c7f5aaffcdc88eafb95e |
| SHA1 | 6dbd44ab2bf6b32f4ae9391d14bfaefd316bc600 |
| SHA256 | 5f9d789e5231847a10431a29b89ebb2fe18ebe2f2a77c103211fc14c55657b25 |
| SHA512 | e6b73f0041bb016d72282849b25d09b5b9ed5017756759be77ad0bbbf17bce53d7a84f6c6025c0d4b467852b251913987392a2b336269b3182bd4954bbdb766d |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | 22ecf4b0f69958775ea932cc500e947d |
| SHA1 | ef9646a777f43210f89e5fcc351a89dd4def7c0d |
| SHA256 | c6064975ed1d3ff436e6b3cc4779ba9c1a61c5f670b24fcc5264371c73b97bce |
| SHA512 | a516a8b1f35e2b3adb9486f4079ff5cb078f6b7d6cf027122d984b79337aa3d5bc97ea30c6c7ecbbf7898f4a7761e17f214453a32b8da56ac47d72e0ed007fe3 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-debug-l1-1-0.dll
| MD5 | ec59aac4b726124e93cb05fa8bd60e8f |
| SHA1 | f581c104cb14b678ebd4939b567ebdaa3568995a |
| SHA256 | 18d756a725b6d4ad34f6b2886b727a5895d7c65900a6c74b485331e8931fd9ff |
| SHA512 | 5bcb9292e1c4b2e81e11178b813ce5f6bb888f0b69dfdd25c35bca15c60405080bebb5151fad02d62c14bb8e5b5f396ae5b1faefcb83f52fecb59fc546dc23b9 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | e6776d7372de02cddad35b49c15e8f2f |
| SHA1 | cb4da00768a881b6d8353403b22b30a77d14649a |
| SHA256 | 1f1e0577ac1e1c757be525d8e36057a22388519964b1e2d79ffbd3e8fc0d00cf |
| SHA512 | f65fb51639df0804a7b4bfbc70063c5408ab512252f7ef42a5a2646dcda7d63b7f774f6255b961e32d22e91c1ca5ce4a5863db43907d1ccfc2b8a9364adac169 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 759f1a8735f56c795c603578e2ee5b71 |
| SHA1 | 3fd9804e8442622b2c1940753ec082f834d3ca01 |
| SHA256 | bf9770586528c2dededb462cbe627bbfc11e33e87bf9cf8ccf0dcd8ab0eab22c |
| SHA512 | 2904afb9b9ab0d308e15b426b6da5f7d9ae2331f5e05fc9a63b7d124e0a89e493868ac88e338cbf3fbc6883c4147cc00f46a9db0f3f615b3699158db1216026e |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libogg-0.dll
| MD5 | 0d65168162287df89af79bb9be79f65b |
| SHA1 | 3e5af700b8c3e1a558105284ecd21b73b765a6dc |
| SHA256 | 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24 |
| SHA512 | 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 0d3e5fd53351d4c4d717014f596b4e52 |
| SHA1 | 56f4ad1f107cffe564b03e7131ca7702ddbfd71e |
| SHA256 | 6984e9aab9c4f6f4d1f1c9daef72d1e636a4505b39384c3a0c6401a3d0a3cebb |
| SHA512 | 96426d99bb385514d7943be35d9938dd6b4ac459d8dcbcb0566d1f2e3ad4ee28690f33c9dc24c8530aafea336c4b83d7dff70a17f419d7db5f67eeec2fe0800b |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libmodplug-1.dll
| MD5 | 2bb2e7fa60884113f23dcb4fd266c4a6 |
| SHA1 | 36bbd1e8f7ee1747c7007a3c297d429500183d73 |
| SHA256 | 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b |
| SHA512 | 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libjpeg-9.dll
| MD5 | c22b781bb21bffbea478b76ad6ed1a28 |
| SHA1 | 66cc6495ba5e531b0fe22731875250c720262db1 |
| SHA256 | 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd |
| SHA512 | 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\libcrypto-3.dll
| MD5 | 8fed6a2bbb718bb44240a84662c79b53 |
| SHA1 | 2cd169a573922b3a0e35d0f9f252b55638a16bca |
| SHA256 | f8de79a5dd7eeb4b2a053315ab4c719cd48fe90b0533949f94b6a291e6bc70fd |
| SHA512 | 87787593e6a7d0556a4d05f07a276ffdbef551802eb2e4b07104362cb5af0b32bffd911fd9237799e10e0c8685e9e7a7345c3bce2ad966843c269b4c9bd83e03 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\freetype.dll
| MD5 | 04a9825dc286549ee3fa29e2b06ca944 |
| SHA1 | 5bed779bf591752bb7aa9428189ec7f3c1137461 |
| SHA256 | 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde |
| SHA512 | 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\crypto_clipper.json
| MD5 | 8bff94a9573315a9d1820d9bb710d97f |
| SHA1 | e69a43d343794524b771d0a07fd4cb263e5464d5 |
| SHA256 | 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7 |
| SHA512 | d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-time-l1-1-0.dll
| MD5 | f6fb8348e655afb8faec69b9bf941543 |
| SHA1 | 79cfd09bf000e1d113b4654091490001a9e299a5 |
| SHA256 | e16dbb880a89be46e71a7b498ff3758b188d46851db15709a7898f60449d2c21 |
| SHA512 | 858d89d57558366ea1ebd2d353f3bf02ed4e917f873c69ff6ebc7d373acbd1e8b3022dc80a5ed97ab31a90699d102a59cc25f3a720561b1dd43f263a0c9cd432 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 062be32496661a3e652b4411840c43c8 |
| SHA1 | e0793d0cb5c5d9d00dbba1bd17e3545399d13be0 |
| SHA256 | 1c0af055267a9b7492038f7936277e707c04d49570e7d2e54fa2d3787ece664f |
| SHA512 | ebe027ec4bdfcde4d561c70cd08e6017c84cc85edd6755159fc86905b70fa6275ceaeff641d8404bf810bc1384ab1aab8824c0844907fdcb9f531e374a30fef8 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | f2a35575d7fde96c8bb33f9eebe1e5d2 |
| SHA1 | 189b37079444d10084a14467c9838e5e6aacaef8 |
| SHA256 | 44baab81179483a4fbc5371725c3c6d49dc38c5a5853fccd2090efc17178a887 |
| SHA512 | 78465980d9a8ce0022d6b52a6f8b25df4a4e7fcdab7c3bef4d2a0c8d17edb250ede806822442e7c0add07bcc4caae89e2b1cd76119a7ed4e1ad5ba2d45e9d507 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | a409966b786a430fd966642acccca577 |
| SHA1 | 0ae71b5a6eb1b6e2e8a138cd6eae5bcfe4f4debc |
| SHA256 | dd2658bcddb580c7913489a12d2e626061a92a948163bc6a9fdbea6966c5c8f0 |
| SHA512 | 8607487c3ac03b2787cc41fd7f19ccb73aafc1a92eca165df337ad9000a18b95ec6b52d1c0676bfd872290ee15f44db52809180314566762ce8472613b971712 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-process-l1-1-0.dll
| MD5 | ad18909e012a7c4c00b03112a38210f3 |
| SHA1 | ae73109e65eda5e570fdc46fa1823574d3df2aff |
| SHA256 | 29b4b2feb379aa97fa713667b1c2ef1f60342eb29907777f0ddf3508be62b49e |
| SHA512 | bf7a9f7e88e4a0f7eefbb5675880d65a79b35b8769204fd1c66da1a653a16ebcff4d2b4ee951844c5296d2f4cd433ea3c2cfeb2aa4f8ea289ea9c701ed163181 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 43382da342b96fd298f5579f59e19ee1 |
| SHA1 | 9c2e94d38e38b802a032e63ee3de057d0ec5ce99 |
| SHA256 | a8f20d2842b3ac0ef87085e043bbc8fa55c6524825f9b39f7960515630f0f9e5 |
| SHA512 | 3ff1d95e4656bfa0ef4a101a6c0bb5b4dce417f2795966f28db87d6097ec6edc5c2e26af362d886905166abc8b378974d848fe5452cb8440271ba594fa7097d5 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 229559316733b290f8794bf3a6b5cc39 |
| SHA1 | 9a51ac3d4e01af3e6e444f7df54e85b89d6ae896 |
| SHA256 | 2d70ab53298a902d7cd62f3eba9298567b7765db02b587cca97a760513803a21 |
| SHA512 | 25e3eec02bb665f786608f90eae69c6d4b54dd332c54210077d722c4f5fe7dc94f6bf9e15a569c7bb11501fb68315d591c6fe250bc92949c2765263973d597ac |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 08bfd1b200bdb9c85572c8bfceb0c499 |
| SHA1 | 8b42a9fb1e90417df70a25b794cf427e323ee42a |
| SHA256 | 1114ad9f3a0a34b2c215814483ea0d1b70dab9e486b8fc75cf560ac4175d5a72 |
| SHA512 | 6eec64da5b2a82f02edccc1bd7d70c546c9ab772c82946ea1803d41e43809481ed56c581f168b2fb762e22a826173b52f1401a279f82b32fe201bde9e72a02d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 5dd41de64aae686e7e766f2078d287a4 |
| SHA1 | 0583385934fc182d42d8e5ebb07e2ec6b4ba21b7 |
| SHA256 | e4b625697aabfc995a2085a7393963d9547f5492c6603f29383cb39b0d6e6a16 |
| SHA512 | 69806fbaa9f6c28ae1fdd520e92edaf6bb921c1b22111e49a1794fc1c1c9ee9bc64b99f12e8868570b5c4d52c07aface8b4c0d0541d2c6e6b8612c2cac04069c |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | c12491ec89b39f6878179e499e14b428 |
| SHA1 | fba174a1bf48e4853b2748a36b7bb80740dfc685 |
| SHA256 | 15ce011ea8f0eaf4ec7dd67306f14b3d1ce4b2942674108e9880cb7f306eff60 |
| SHA512 | 23145eea6ee96d7534a4be979774366f2ef8b35a52d0afb0f0481b2d95a0e979180771f3bd66e972aea671bcd226e5848a04d9f2a8d419f6c38eba0aed4ce14d |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | bc7de1c7b07e9157b4717c2ec89c99e5 |
| SHA1 | fd9bc3eb1f3432c3084053b411858fc8d0685216 |
| SHA256 | b529d797f5c55158bdd80b1eff6024bcf80ced29f3a27272d1dcca1f998e0af6 |
| SHA512 | 588ddffca22f800f9503a5f133d9ab384dc9893ed50da931317d1ea1ca81e71efa897037aa7e74bddecdede7d1f2481102549d841a50a3dda7f96fd3f9430759 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 310eff908b91acc5f35acaa310c1ac75 |
| SHA1 | 137a7b8bc2aefb3fd64e3bfac13c79255ba3989a |
| SHA256 | c7295e2521a696e4dc47ce9f00b6bf380bf9b85726ebe3475419e80cb94571ec |
| SHA512 | 39f281189c547648e4029749fc75bf1c8013f57a7a8c3115196b6abd5cfbdad4d2b6f2efea3fa1bd20150f72d75bf236d052df2d526dc27b2b1ebf850b3de565 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 1927eb5e2276e6c9c3a738ee8b6cedd3 |
| SHA1 | 7b2ca15ecadf34ac6e439c873cf8d6853f34b408 |
| SHA256 | 672bea99f951983cabb697a3086705a121f668de5b98b3982c9bf25963bb5a41 |
| SHA512 | 005728c4de3d2971478325388d87f1ea2aa79d29a6c30263aebe287e1bc9807c8b5504d10c8522bc3115cde0645331e338e51d19e06d9917cb4294aba930e596 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-util-l1-1-0.dll
| MD5 | 0b032312ed46688ac723fb71c5bc9da5 |
| SHA1 | 57d6a9d6b012a8fb9686a4187d2e6422c7df5a76 |
| SHA256 | 3ea53b2236eb6a920c473121980e071640d04a34af902525f64461e5003bc9ee |
| SHA512 | fc3b5b46c6d1039fecd83f0cb529fbd7041cc923d3ea33978354c32a0c257cccbff5a68530612b70fff01d5bb3719133574b286982cf562f5a79b243fbc9e614 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 8e0be9b6baceb5babc308039618870e5 |
| SHA1 | 515d98afb7d0c17861bc87b83d553d4e80ecf8fb |
| SHA256 | 83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c |
| SHA512 | b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 5629243e6a15f7ba4c36c9944bc66210 |
| SHA1 | b9401bc0e393cea75445b6c89be5f19f1fba0899 |
| SHA256 | b38c9e1608ae64b51a774e93752d549f72daa868f88e3f78631f5600543cb825 |
| SHA512 | 659d1a219769e2010b04533a76e60129cffd06cca8e550163b0ab6b9cf76a40478a286325e78856e56ae0025e7d1da971929ae0beed27490ff2ac3b37c8e1a7e |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 0c687747ea311eb5f7ed146b83310410 |
| SHA1 | ed735cc089fc901a7bc45878a35da89d27761f11 |
| SHA256 | a333e073bcf199b7872decd9ea911cbcf4f1b426a400c2ce5e07f0462fddd70a |
| SHA512 | 344028a8656796f8b9e72ebc8b62d7e2fc90c5c791ebe1bf16b94b891dcfe22389e28e40a94d06e173a8a572340d641e2b758280b107429fe9e7895448c9a12f |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 5d71ceae6ada819d4b93687fc2365136 |
| SHA1 | 3ce280308d024ff6cda585b972770e8964cf8d76 |
| SHA256 | fcc4728a8f0c8ec7d36aad45f24b5036a444afd75072137694ab87c76b8347cd |
| SHA512 | d01a03cf82d2b103b656c33ea9821d2997ddc010d756690b6aeb6e122cc4a18cf73dcff63af459ace5b4d04edc42a6a4a9193e1f30cb34dc527faa1027458be1 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-string-l1-1-0.dll
| MD5 | c5ee363f9ad28b1ac097294483443fcd |
| SHA1 | 0eb056c55dae609a5d96d8825c2cbc62402bc409 |
| SHA256 | 23b8515d4d94bbabb77059a2536c2c1241ac261a58ad6192c79cceb1dca38f14 |
| SHA512 | 50112fd26a0760b53790cd5a97c20629cd8c728f45de3742cece07b7efb98973eef79520824c41f99a959610879607c7f9c6993817d3dc28d44c2bf75e8dd362 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 8a5b4ed32eea9ad27bbb7d71424a38e3 |
| SHA1 | a525cf3cb8a7fb6bb9267cc089d0c0b4fee83401 |
| SHA256 | fcede796e1271f2564f4a0ffdf13dc79ba5f5d2fc2093146dae334fd707fa146 |
| SHA512 | b4b8c83ff7b293124f52c351d970d38a59f9209f779cf39935ed191aabbb222c8787c45ae35b0040c81f6475157c9575150a0ea5a91994bff3bbf3f025835178 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-profile-l1-1-0.dll
| MD5 | b33555a6c26229a52068683af95b8763 |
| SHA1 | fdf3a773227f7f966756cd95a5167d883ba5f2be |
| SHA256 | b0d8f37eac0997bb41952bd8dc12d25a3db6013c2146dbcab9ed84b6697eedbc |
| SHA512 | 1bcbb5684815882300c17509853638a69b6f338b46ead3fbde46fea3a04c5ff5caf4bb58f8484478ba76f018c3e386e03e93d1caf4da1204832bd13e27019c50 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 7922c25a9a206110d298eb1adb747dd7 |
| SHA1 | c4431817fbc6d39b6504c121a8775f174f6cb9d3 |
| SHA256 | 0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a |
| SHA512 | f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 6c68c4fe70361213fe891e1ab01c1272 |
| SHA1 | 8aa952184d263257ca6119c64882c77124425547 |
| SHA256 | d80ecc44b211c19c6021b033085229c6f592c0c091c41eb9c177df833dc0a70f |
| SHA512 | 689dbe9f45bc290081380daccabb3e57e912bc7b750fea272c7cd7ed6e0f0358f89c8e543286e3d55da6501b161df224ee977632944e14abc8827fccdb5f8812 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | a7665679024a45c11cd0e8cb1f8e43fd |
| SHA1 | a161df5ab2c0ec429f715cb319812911a5885518 |
| SHA256 | 17577789eab28202cd1bf06178b9911083849ab0351fe06b46a8c0f58d93c83a |
| SHA512 | e3f5e6ebd0e9f388734b020c3ec25cf167ef626e8c2160d46e65e641c8e82f99117ca738e9b926a0a4feec3f1bbaf8688e89ae788dcdd9aff26ef9bc315205ca |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 73f8a915dde46ee5d0d3f4de394a2182 |
| SHA1 | fecf150be80cdb980949b991314a83d27853a760 |
| SHA256 | 14d30d55506e8a44326d03abc46294abc1511409213196e0dd4ddefccf60bdee |
| SHA512 | b8596eba4e7b8b72a007d7ba55c947538dd4ce0ad1857005ddd9095839ff99a0fa892121f7fad5ed5d33380802038560f8e3b729430a3100901682de2309767c |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 3991a12b40096a59d48a95b54ad1c812 |
| SHA1 | 464da16182fd1053f4633b29e83d9afdfc39f1e1 |
| SHA256 | 2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481 |
| SHA512 | 5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | b663a5ee87030b06525b95c0ce8efa4a |
| SHA1 | 44dd3d69d6fa37712fdbb04175bbc17c382cac54 |
| SHA256 | 2eebdb5eae5cb88c329b8dacb80e782ba7c789038e8ba8123a47c3a571677776 |
| SHA512 | 1fffabeb721ddcf70978c9628eb559f7d2d581d367fef8bfb225fa51441ab7916b0962805eb4efbf11f503720dbe5759200d1edaa16824afef5b2897a3ffb934 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 7f35b7bde9a9f810ff8a3fe63f86b86f |
| SHA1 | 277fca2f7b45d978891b5612d0d86e2981f78595 |
| SHA256 | fb0600267c2ea0e6436ebf2dc46edb3aee2696e5d2164500fac60d394e21d8fd |
| SHA512 | e53b020f1bc8f3aa825a8980f7c1e9b07bf4a5f7b3fbf9784ede4369b6540af24e0b75550e2742f782684afdb024e2bf4082e730d4f05f2c8bdcb91eedbf6374 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 3ecc10f8bafc46f55d1b61d3fdd6d88e |
| SHA1 | c17b33dabe18459715ccd5dea5fc1c5b47417f25 |
| SHA256 | 65e090598b9c3993ae6b13fc4c44946fa5a19dfb85bc66401a5dabfb5647ca9e |
| SHA512 | bc383a677d72ea408da796399da1be5e8ec2dcbf8d80488ae5852a68ca69923092d0850a9ef389374518c365fde267ffc0647ecc8d493587af698ee3c320ed4c |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 681ed6ef86b6504618ac1cbdc072a16f |
| SHA1 | 5b82157b61bbdbad2eb744c57d4263ac327e7ae0 |
| SHA256 | ca1b62f01363fbe818996592d8564a510f4bbd8e62694c24811633491ea20b3d |
| SHA512 | b31dc6f10e3cca61880559fcb4033ca5311fa7c22157a3e02242dd38ef77592510c3a9c35ba30902bf99122ce3373b212bf56c8a0f8acff420c8acb2ae29129f |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l2-1-0.dll
| MD5 | 17468cdcf52d507d7d1a740323bad663 |
| SHA1 | c647494e52d5dde86bde8d850b1a49cd17024ade |
| SHA256 | ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1 |
| SHA512 | fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l1-2-0.dll
| MD5 | 5e2a9b9d83d943c4af82b6dc829bfe97 |
| SHA1 | 22654769e7c79f1aa0e96a4c16dcb9ef865737aa |
| SHA256 | 902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef |
| SHA512 | d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0 |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l1-1-0.dll
| MD5 | 7c2172d7a4a5373f848d37b0b3892594 |
| SHA1 | fad88dc4d478eaf5088693ba602bcb2bbdf63f58 |
| SHA256 | a332bba4c788c15461c7d702a308546d8eed41a1f997e0bb784719a935be3997 |
| SHA512 | 8aec4073068cc4debf801497999b4cccf2f540885c10ce15468c379206380fe34a5fd5be9b556ad9c118ce9762d9a61651bb05d3c4820fa209f75b5bb5b4124b |
C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 6dda0dadb8ab57e1dcfff4f91dcc629e |
| SHA1 | 71603109a25e46dbc02180878a8d9ecc187dfadd |
| SHA256 | 0e3f2cc438cfe4e8a7ccacb2ff2e2b8f4a8db4f2ef4633bb70fec72bb122d90a |
| SHA512 | 21a8bc4b95e1a425d911f78ab49deafcc48a8c6a5a08a38f42431d1291aba6b55f81d7cc0160f2603b8b3ff38b3f24103c11064c786fdaede6556f5ea6476ef0 |
memory/4708-1363-0x00007FF9E80E0000-0x00007FF9E8609000-memory.dmp
memory/4708-1362-0x00007FF9EB960000-0x00007FF9EB974000-memory.dmp
memory/4708-1365-0x00007FF9E8F80000-0x00007FF9E8F8D000-memory.dmp
memory/4708-1364-0x00007FF9E8E90000-0x00007FF9E8EA9000-memory.dmp
memory/4708-1366-0x00007FF9E8E50000-0x00007FF9E8E83000-memory.dmp
memory/4708-1367-0x00007FF9E7DE0000-0x00007FF9E7EAD000-memory.dmp
memory/4708-1368-0x00007FF9E8E40000-0x00007FF9E8E4D000-memory.dmp
memory/4708-1372-0x00007FF9E5220000-0x00007FF9E533C000-memory.dmp
memory/4708-1371-0x00007FF9E8D60000-0x00007FF9E8D86000-memory.dmp
memory/4708-1370-0x00007FF9E8D90000-0x00007FF9E8D9B000-memory.dmp
memory/4708-1369-0x00007FF9E8610000-0x00007FF9E8C02000-memory.dmp
memory/4708-1373-0x00007FF9E8D20000-0x00007FF9E8D58000-memory.dmp
memory/4708-1378-0x00007FF9E80C0000-0x00007FF9E80CB000-memory.dmp
memory/4708-1377-0x00007FF9E80D0000-0x00007FF9E80DC000-memory.dmp
memory/4708-1376-0x00007FF9E8D00000-0x00007FF9E8D0B000-memory.dmp
memory/4708-1375-0x00007FF9E8D10000-0x00007FF9E8D1B000-memory.dmp
memory/4708-1374-0x00007FF9EB980000-0x00007FF9EB9A4000-memory.dmp
memory/4708-1379-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp
memory/4708-1383-0x00007FF9EB960000-0x00007FF9EB974000-memory.dmp
memory/4708-1394-0x00007FF9E5200000-0x00007FF9E5212000-memory.dmp
memory/4708-1393-0x00007FF9E8E90000-0x00007FF9E8EA9000-memory.dmp
memory/4708-1392-0x00007FF9E7DC0000-0x00007FF9E7DCE000-memory.dmp
memory/4708-1391-0x00007FF9E70A0000-0x00007FF9E70AD000-memory.dmp
memory/4708-1390-0x00007FF9E7D70000-0x00007FF9E7D7C000-memory.dmp
memory/4708-1389-0x00007FF9E7D80000-0x00007FF9E7D8C000-memory.dmp
memory/4708-1388-0x00007FF9E7D90000-0x00007FF9E7D9B000-memory.dmp
memory/4708-1387-0x00007FF9E7DA0000-0x00007FF9E7DAB000-memory.dmp
memory/4708-1386-0x00007FF9E7DB0000-0x00007FF9E7DBC000-memory.dmp
memory/4708-1385-0x00007FF9E7DD0000-0x00007FF9E7DDC000-memory.dmp
memory/4708-1384-0x00007FF9E80E0000-0x00007FF9E8609000-memory.dmp
memory/4708-1382-0x00007FF9E7F30000-0x00007FF9E7F3C000-memory.dmp
memory/4708-1381-0x00007FF9E80A0000-0x00007FF9E80AB000-memory.dmp
memory/4708-1380-0x00007FF9E9010000-0x00007FF9E903D000-memory.dmp
memory/4708-1396-0x00007FF9E7090000-0x00007FF9E709C000-memory.dmp
memory/4708-1395-0x00007FF9E7DE0000-0x00007FF9E7EAD000-memory.dmp
memory/4708-1398-0x00007FF9E51C0000-0x00007FF9E51D2000-memory.dmp
memory/4708-1397-0x00007FF9E51E0000-0x00007FF9E51F5000-memory.dmp
memory/4708-1400-0x00007FF9E51A0000-0x00007FF9E51B4000-memory.dmp
memory/4708-1399-0x00007FF9E8D20000-0x00007FF9E8D58000-memory.dmp
memory/4708-1401-0x00007FF9E5170000-0x00007FF9E5192000-memory.dmp
memory/4708-1405-0x00007FF9E50E0000-0x00007FF9E512D000-memory.dmp
memory/4708-1404-0x00007FF9E5130000-0x00007FF9E5149000-memory.dmp
memory/4708-1403-0x00007FF9E5150000-0x00007FF9E5167000-memory.dmp
memory/4708-1402-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp
memory/4708-1406-0x00007FF9E50C0000-0x00007FF9E50D1000-memory.dmp
memory/4708-1407-0x00007FF9E5090000-0x00007FF9E50AE000-memory.dmp
memory/4708-1408-0x00007FF9E5030000-0x00007FF9E508D000-memory.dmp
memory/4708-1413-0x00007FF9E4E10000-0x00007FF9E4F8E000-memory.dmp
memory/4708-1412-0x00007FF9E4F90000-0x00007FF9E4FB3000-memory.dmp
memory/4708-1411-0x00007FF9E4FD0000-0x00007FF9E4FFE000-memory.dmp
memory/4708-1410-0x00007FF9E5000000-0x00007FF9E5029000-memory.dmp
memory/4708-1409-0x00007FF9E5200000-0x00007FF9E5212000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_peo5e54b.qed.ps1
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\Q5FG062S\trans[2].gif
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\1c007f16-b1eb-41bc-922a-72d8e7343077
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\14300f16-e3fb-4745-a406-1746ec3447f8
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\AF01FDA5AD9AF7E2CA8284AFE502D6D83BBD4423
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\43993BC30981A64A702FA26B68ACF037309F2A6A
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\6A4C1BCC50629D17B7823B73CD8B2F23B86F00B4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\581B18B4C79478759A7832C2496673BAF0EF315D
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\41197BDCD07FADDFAFB2BE060D7323B81DC8A99C
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\17B45B9C15B7E3BBEEA873127FD3DB8A0AF06F2F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\doomed\17658
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\E92AD7F089BE454A630F4BEC36513575295D1312
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\5CEA099E36447F7D5F60A06021D0686224BAFF39
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\1247D9BEA0605D24E4E60936225C651B58A7CFFE
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\E677A2EF48A8BFD2FFFF38AE33303ADAF665A39C
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\F13E79D0B5A5E4365055233CEFC8AB2D33E0375C