Malware Analysis Report

2024-11-15 07:41

Sample ID 240802-vraycsxdme
Target source_prepared.exe
SHA256 69a2ffd3f56dffa4727108bdcb807d883a996a95c4c41de2f5b9fa497c382691
Tags pyinstaller pysilon discovery evasion execution persistence upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

69a2ffd3f56dffa4727108bdcb807d883a996a95c4c41de2f5b9fa497c382691

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon discovery evasion execution persistence upx

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Sets file to hidden

Command and Scripting Interpreter: PowerShell

UPX packed file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Detects Pyinstaller

Browser Information Discovery

Modifies Internet Explorer settings

Modifies registry class

Enumerates system info in registry

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Views/modifies file attributes

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-02 17:13

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-02 17:12

Reported

2024-08-02 17:16

Platform

win11-20240802-en

Max time kernel

138s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\Microsoft\nothing.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\Microsoft\nothing.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\Microsoft\\nothing.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14169" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "15290" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "19083" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1075" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "10664" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9085" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14203" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14203" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1075" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "16826" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "16826" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "9085" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "16129" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "16826" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1042" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1075" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "9085" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "15290" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14169" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "16129" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "19083" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1042" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14169" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "15290" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "19083" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14203" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1042" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "10664" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "10664" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "16129" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Microsoft\nothing.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Microsoft\nothing.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3988 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 3988 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4708 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4708 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4708 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4708 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4708 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4708 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 1500 wrote to memory of 688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 1500 wrote to memory of 688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 1500 wrote to memory of 2608 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Microsoft\nothing.exe
PID 1500 wrote to memory of 2608 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Microsoft\nothing.exe
PID 1500 wrote to memory of 4272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1500 wrote to memory of 4272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2608 wrote to memory of 4800 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Users\Admin\Microsoft\nothing.exe
PID 2608 wrote to memory of 4800 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Users\Admin\Microsoft\nothing.exe
PID 4800 wrote to memory of 4880 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Windows\system32\cmd.exe
PID 4800 wrote to memory of 4880 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Windows\system32\cmd.exe
PID 4800 wrote to memory of 4780 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4800 wrote to memory of 4780 N/A C:\Users\Admin\Microsoft\nothing.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3332 wrote to memory of 1860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 1860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3332 wrote to memory of 5440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C4

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Microsoft\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Microsoft\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Microsoft\nothing.exe

"nothing.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\Microsoft\nothing.exe

"nothing.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Microsoft\""

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0753cb8,0x7ff9d0753cc8,0x7ff9d0753cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2771333712885717962,17949376006952859587,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2771333712885717962,17949376006952859587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2771333712885717962,17949376006952859587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2771333712885717962,17949376006952859587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2771333712885717962,17949376006952859587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff9cb9dcc40,0x7ff9cb9dcc4c,0x7ff9cb9dcc58

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2332,i,14282083117520129297,11050415472225180508,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2316 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1672,i,14282083117520129297,11050415472225180508,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2456 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1944,i,14282083117520129297,11050415472225180508,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2584 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,14282083117520129297,11050415472225180508,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe


Network

Country Destination Domain Proto

Files


MD5 0d3e5fd53351d4c4d717014f596b4e52
SHA1 56f4ad1f107cffe564b03e7131ca7702ddbfd71e
SHA256 6984e9aab9c4f6f4d1f1c9daef72d1e636a4505b39384c3a0c6401a3d0a3cebb
SHA512 96426d99bb385514d7943be35d9938dd6b4ac459d8dcbcb0566d1f2e3ad4ee28690f33c9dc24c8530aafea336c4b83d7dff70a17f419d7db5f67eeec2fe0800b

C:\Users\Admin\AppData\Local\Temp\_MEI39882\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI39882\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI39882\libcrypto-3.dll

MD5 8fed6a2bbb718bb44240a84662c79b53
SHA1 2cd169a573922b3a0e35d0f9f252b55638a16bca
SHA256 f8de79a5dd7eeb4b2a053315ab4c719cd48fe90b0533949f94b6a291e6bc70fd
SHA512 87787593e6a7d0556a4d05f07a276ffdbef551802eb2e4b07104362cb5af0b32bffd911fd9237799e10e0c8685e9e7a7345c3bce2ad966843c269b4c9bd83e03

C:\Users\Admin\AppData\Local\Temp\_MEI39882\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI39882\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-time-l1-1-0.dll

MD5 f6fb8348e655afb8faec69b9bf941543
SHA1 79cfd09bf000e1d113b4654091490001a9e299a5
SHA256 e16dbb880a89be46e71a7b498ff3758b188d46851db15709a7898f60449d2c21
SHA512 858d89d57558366ea1ebd2d353f3bf02ed4e917f873c69ff6ebc7d373acbd1e8b3022dc80a5ed97ab31a90699d102a59cc25f3a720561b1dd43f263a0c9cd432

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-string-l1-1-0.dll

MD5 062be32496661a3e652b4411840c43c8
SHA1 e0793d0cb5c5d9d00dbba1bd17e3545399d13be0
SHA256 1c0af055267a9b7492038f7936277e707c04d49570e7d2e54fa2d3787ece664f
SHA512 ebe027ec4bdfcde4d561c70cd08e6017c84cc85edd6755159fc86905b70fa6275ceaeff641d8404bf810bc1384ab1aab8824c0844907fdcb9f531e374a30fef8

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-stdio-l1-1-0.dll

MD5 f2a35575d7fde96c8bb33f9eebe1e5d2
SHA1 189b37079444d10084a14467c9838e5e6aacaef8
SHA256 44baab81179483a4fbc5371725c3c6d49dc38c5a5853fccd2090efc17178a887
SHA512 78465980d9a8ce0022d6b52a6f8b25df4a4e7fcdab7c3bef4d2a0c8d17edb250ede806822442e7c0add07bcc4caae89e2b1cd76119a7ed4e1ad5ba2d45e9d507

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-runtime-l1-1-0.dll

MD5 a409966b786a430fd966642acccca577
SHA1 0ae71b5a6eb1b6e2e8a138cd6eae5bcfe4f4debc
SHA256 dd2658bcddb580c7913489a12d2e626061a92a948163bc6a9fdbea6966c5c8f0
SHA512 8607487c3ac03b2787cc41fd7f19ccb73aafc1a92eca165df337ad9000a18b95ec6b52d1c0676bfd872290ee15f44db52809180314566762ce8472613b971712

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-process-l1-1-0.dll

MD5 ad18909e012a7c4c00b03112a38210f3
SHA1 ae73109e65eda5e570fdc46fa1823574d3df2aff
SHA256 29b4b2feb379aa97fa713667b1c2ef1f60342eb29907777f0ddf3508be62b49e
SHA512 bf7a9f7e88e4a0f7eefbb5675880d65a79b35b8769204fd1c66da1a653a16ebcff4d2b4ee951844c5296d2f4cd433ea3c2cfeb2aa4f8ea289ea9c701ed163181

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-private-l1-1-0.dll

MD5 43382da342b96fd298f5579f59e19ee1
SHA1 9c2e94d38e38b802a032e63ee3de057d0ec5ce99
SHA256 a8f20d2842b3ac0ef87085e043bbc8fa55c6524825f9b39f7960515630f0f9e5
SHA512 3ff1d95e4656bfa0ef4a101a6c0bb5b4dce417f2795966f28db87d6097ec6edc5c2e26af362d886905166abc8b378974d848fe5452cb8440271ba594fa7097d5

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 229559316733b290f8794bf3a6b5cc39
SHA1 9a51ac3d4e01af3e6e444f7df54e85b89d6ae896
SHA256 2d70ab53298a902d7cd62f3eba9298567b7765db02b587cca97a760513803a21
SHA512 25e3eec02bb665f786608f90eae69c6d4b54dd332c54210077d722c4f5fe7dc94f6bf9e15a569c7bb11501fb68315d591c6fe250bc92949c2765263973d597ac

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-math-l1-1-0.dll

MD5 08bfd1b200bdb9c85572c8bfceb0c499
SHA1 8b42a9fb1e90417df70a25b794cf427e323ee42a
SHA256 1114ad9f3a0a34b2c215814483ea0d1b70dab9e486b8fc75cf560ac4175d5a72
SHA512 6eec64da5b2a82f02edccc1bd7d70c546c9ab772c82946ea1803d41e43809481ed56c581f168b2fb762e22a826173b52f1401a279f82b32fe201bde9e72a02d0

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-locale-l1-1-0.dll

MD5 5dd41de64aae686e7e766f2078d287a4
SHA1 0583385934fc182d42d8e5ebb07e2ec6b4ba21b7
SHA256 e4b625697aabfc995a2085a7393963d9547f5492c6603f29383cb39b0d6e6a16
SHA512 69806fbaa9f6c28ae1fdd520e92edaf6bb921c1b22111e49a1794fc1c1c9ee9bc64b99f12e8868570b5c4d52c07aface8b4c0d0541d2c6e6b8612c2cac04069c

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-heap-l1-1-0.dll

MD5 c12491ec89b39f6878179e499e14b428
SHA1 fba174a1bf48e4853b2748a36b7bb80740dfc685
SHA256 15ce011ea8f0eaf4ec7dd67306f14b3d1ce4b2942674108e9880cb7f306eff60
SHA512 23145eea6ee96d7534a4be979774366f2ef8b35a52d0afb0f0481b2d95a0e979180771f3bd66e972aea671bcd226e5848a04d9f2a8d419f6c38eba0aed4ce14d

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 bc7de1c7b07e9157b4717c2ec89c99e5
SHA1 fd9bc3eb1f3432c3084053b411858fc8d0685216
SHA256 b529d797f5c55158bdd80b1eff6024bcf80ced29f3a27272d1dcca1f998e0af6
SHA512 588ddffca22f800f9503a5f133d9ab384dc9893ed50da931317d1ea1ca81e71efa897037aa7e74bddecdede7d1f2481102549d841a50a3dda7f96fd3f9430759

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-environment-l1-1-0.dll

MD5 310eff908b91acc5f35acaa310c1ac75
SHA1 137a7b8bc2aefb3fd64e3bfac13c79255ba3989a
SHA256 c7295e2521a696e4dc47ce9f00b6bf380bf9b85726ebe3475419e80cb94571ec
SHA512 39f281189c547648e4029749fc75bf1c8013f57a7a8c3115196b6abd5cfbdad4d2b6f2efea3fa1bd20150f72d75bf236d052df2d526dc27b2b1ebf850b3de565

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-crt-convert-l1-1-0.dll

MD5 1927eb5e2276e6c9c3a738ee8b6cedd3
SHA1 7b2ca15ecadf34ac6e439c873cf8d6853f34b408
SHA256 672bea99f951983cabb697a3086705a121f668de5b98b3982c9bf25963bb5a41
SHA512 005728c4de3d2971478325388d87f1ea2aa79d29a6c30263aebe287e1bc9807c8b5504d10c8522bc3115cde0645331e338e51d19e06d9917cb4294aba930e596

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-util-l1-1-0.dll

MD5 0b032312ed46688ac723fb71c5bc9da5
SHA1 57d6a9d6b012a8fb9686a4187d2e6422c7df5a76
SHA256 3ea53b2236eb6a920c473121980e071640d04a34af902525f64461e5003bc9ee
SHA512 fc3b5b46c6d1039fecd83f0cb529fbd7041cc923d3ea33978354c32a0c257cccbff5a68530612b70fff01d5bb3719133574b286982cf562f5a79b243fbc9e614

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-timezone-l1-1-0.dll

MD5 8e0be9b6baceb5babc308039618870e5
SHA1 515d98afb7d0c17861bc87b83d553d4e80ecf8fb
SHA256 83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c
SHA512 b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 5629243e6a15f7ba4c36c9944bc66210
SHA1 b9401bc0e393cea75445b6c89be5f19f1fba0899
SHA256 b38c9e1608ae64b51a774e93752d549f72daa868f88e3f78631f5600543cb825
SHA512 659d1a219769e2010b04533a76e60129cffd06cca8e550163b0ab6b9cf76a40478a286325e78856e56ae0025e7d1da971929ae0beed27490ff2ac3b37c8e1a7e

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-synch-l1-2-0.dll

MD5 0c687747ea311eb5f7ed146b83310410
SHA1 ed735cc089fc901a7bc45878a35da89d27761f11
SHA256 a333e073bcf199b7872decd9ea911cbcf4f1b426a400c2ce5e07f0462fddd70a
SHA512 344028a8656796f8b9e72ebc8b62d7e2fc90c5c791ebe1bf16b94b891dcfe22389e28e40a94d06e173a8a572340d641e2b758280b107429fe9e7895448c9a12f

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-synch-l1-1-0.dll

MD5 5d71ceae6ada819d4b93687fc2365136
SHA1 3ce280308d024ff6cda585b972770e8964cf8d76
SHA256 fcc4728a8f0c8ec7d36aad45f24b5036a444afd75072137694ab87c76b8347cd
SHA512 d01a03cf82d2b103b656c33ea9821d2997ddc010d756690b6aeb6e122cc4a18cf73dcff63af459ace5b4d04edc42a6a4a9193e1f30cb34dc527faa1027458be1

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-string-l1-1-0.dll

MD5 c5ee363f9ad28b1ac097294483443fcd
SHA1 0eb056c55dae609a5d96d8825c2cbc62402bc409
SHA256 23b8515d4d94bbabb77059a2536c2c1241ac261a58ad6192c79cceb1dca38f14
SHA512 50112fd26a0760b53790cd5a97c20629cd8c728f45de3742cece07b7efb98973eef79520824c41f99a959610879607c7f9c6993817d3dc28d44c2bf75e8dd362

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 8a5b4ed32eea9ad27bbb7d71424a38e3
SHA1 a525cf3cb8a7fb6bb9267cc089d0c0b4fee83401
SHA256 fcede796e1271f2564f4a0ffdf13dc79ba5f5d2fc2093146dae334fd707fa146
SHA512 b4b8c83ff7b293124f52c351d970d38a59f9209f779cf39935ed191aabbb222c8787c45ae35b0040c81f6475157c9575150a0ea5a91994bff3bbf3f025835178

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-profile-l1-1-0.dll

MD5 b33555a6c26229a52068683af95b8763
SHA1 fdf3a773227f7f966756cd95a5167d883ba5f2be
SHA256 b0d8f37eac0997bb41952bd8dc12d25a3db6013c2146dbcab9ed84b6697eedbc
SHA512 1bcbb5684815882300c17509853638a69b6f338b46ead3fbde46fea3a04c5ff5caf4bb58f8484478ba76f018c3e386e03e93d1caf4da1204832bd13e27019c50

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-processthreads-l1-1-1.dll

MD5 7922c25a9a206110d298eb1adb747dd7
SHA1 c4431817fbc6d39b6504c121a8775f174f6cb9d3
SHA256 0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a
SHA512 f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-processthreads-l1-1-0.dll

MD5 6c68c4fe70361213fe891e1ab01c1272
SHA1 8aa952184d263257ca6119c64882c77124425547
SHA256 d80ecc44b211c19c6021b033085229c6f592c0c091c41eb9c177df833dc0a70f
SHA512 689dbe9f45bc290081380daccabb3e57e912bc7b750fea272c7cd7ed6e0f0358f89c8e543286e3d55da6501b161df224ee977632944e14abc8827fccdb5f8812

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 a7665679024a45c11cd0e8cb1f8e43fd
SHA1 a161df5ab2c0ec429f715cb319812911a5885518
SHA256 17577789eab28202cd1bf06178b9911083849ab0351fe06b46a8c0f58d93c83a
SHA512 e3f5e6ebd0e9f388734b020c3ec25cf167ef626e8c2160d46e65e641c8e82f99117ca738e9b926a0a4feec3f1bbaf8688e89ae788dcdd9aff26ef9bc315205ca

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-memory-l1-1-0.dll

MD5 73f8a915dde46ee5d0d3f4de394a2182
SHA1 fecf150be80cdb980949b991314a83d27853a760
SHA256 14d30d55506e8a44326d03abc46294abc1511409213196e0dd4ddefccf60bdee
SHA512 b8596eba4e7b8b72a007d7ba55c947538dd4ce0ad1857005ddd9095839ff99a0fa892121f7fad5ed5d33380802038560f8e3b729430a3100901682de2309767c

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-localization-l1-2-0.dll

MD5 3991a12b40096a59d48a95b54ad1c812
SHA1 464da16182fd1053f4633b29e83d9afdfc39f1e1
SHA256 2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481
SHA512 5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 b663a5ee87030b06525b95c0ce8efa4a
SHA1 44dd3d69d6fa37712fdbb04175bbc17c382cac54
SHA256 2eebdb5eae5cb88c329b8dacb80e782ba7c789038e8ba8123a47c3a571677776
SHA512 1fffabeb721ddcf70978c9628eb559f7d2d581d367fef8bfb225fa51441ab7916b0962805eb4efbf11f503720dbe5759200d1edaa16824afef5b2897a3ffb934

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-interlocked-l1-1-0.dll

MD5 7f35b7bde9a9f810ff8a3fe63f86b86f
SHA1 277fca2f7b45d978891b5612d0d86e2981f78595
SHA256 fb0600267c2ea0e6436ebf2dc46edb3aee2696e5d2164500fac60d394e21d8fd
SHA512 e53b020f1bc8f3aa825a8980f7c1e9b07bf4a5f7b3fbf9784ede4369b6540af24e0b75550e2742f782684afdb024e2bf4082e730d4f05f2c8bdcb91eedbf6374

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-heap-l1-1-0.dll

MD5 3ecc10f8bafc46f55d1b61d3fdd6d88e
SHA1 c17b33dabe18459715ccd5dea5fc1c5b47417f25
SHA256 65e090598b9c3993ae6b13fc4c44946fa5a19dfb85bc66401a5dabfb5647ca9e
SHA512 bc383a677d72ea408da796399da1be5e8ec2dcbf8d80488ae5852a68ca69923092d0850a9ef389374518c365fde267ffc0647ecc8d493587af698ee3c320ed4c

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-handle-l1-1-0.dll

MD5 681ed6ef86b6504618ac1cbdc072a16f
SHA1 5b82157b61bbdbad2eb744c57d4263ac327e7ae0
SHA256 ca1b62f01363fbe818996592d8564a510f4bbd8e62694c24811633491ea20b3d
SHA512 b31dc6f10e3cca61880559fcb4033ca5311fa7c22157a3e02242dd38ef77592510c3a9c35ba30902bf99122ce3373b212bf56c8a0f8acff420c8acb2ae29129f

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l2-1-0.dll

MD5 17468cdcf52d507d7d1a740323bad663
SHA1 c647494e52d5dde86bde8d850b1a49cd17024ade
SHA256 ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1
SHA512 fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l1-2-0.dll

MD5 5e2a9b9d83d943c4af82b6dc829bfe97
SHA1 22654769e7c79f1aa0e96a4c16dcb9ef865737aa
SHA256 902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef
SHA512 d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-file-l1-1-0.dll

MD5 7c2172d7a4a5373f848d37b0b3892594
SHA1 fad88dc4d478eaf5088693ba602bcb2bbdf63f58
SHA256 a332bba4c788c15461c7d702a308546d8eed41a1f997e0bb784719a935be3997
SHA512 8aec4073068cc4debf801497999b4cccf2f540885c10ce15468c379206380fe34a5fd5be9b556ad9c118ce9762d9a61651bb05d3c4820fa209f75b5bb5b4124b

C:\Users\Admin\AppData\Local\Temp\_MEI39882\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 6dda0dadb8ab57e1dcfff4f91dcc629e
SHA1 71603109a25e46dbc02180878a8d9ecc187dfadd
SHA256 0e3f2cc438cfe4e8a7ccacb2ff2e2b8f4a8db4f2ef4633bb70fec72bb122d90a
SHA512 21a8bc4b95e1a425d911f78ab49deafcc48a8c6a5a08a38f42431d1291aba6b55f81d7cc0160f2603b8b3ff38b3f24103c11064c786fdaede6556f5ea6476ef0

memory/4708-1363-0x00007FF9E80E0000-0x00007FF9E8609000-memory.dmp

memory/4708-1362-0x00007FF9EB960000-0x00007FF9EB974000-memory.dmp

memory/4708-1365-0x00007FF9E8F80000-0x00007FF9E8F8D000-memory.dmp

memory/4708-1364-0x00007FF9E8E90000-0x00007FF9E8EA9000-memory.dmp

memory/4708-1366-0x00007FF9E8E50000-0x00007FF9E8E83000-memory.dmp

memory/4708-1367-0x00007FF9E7DE0000-0x00007FF9E7EAD000-memory.dmp

memory/4708-1368-0x00007FF9E8E40000-0x00007FF9E8E4D000-memory.dmp

memory/4708-1372-0x00007FF9E5220000-0x00007FF9E533C000-memory.dmp

memory/4708-1371-0x00007FF9E8D60000-0x00007FF9E8D86000-memory.dmp

memory/4708-1370-0x00007FF9E8D90000-0x00007FF9E8D9B000-memory.dmp

memory/4708-1369-0x00007FF9E8610000-0x00007FF9E8C02000-memory.dmp

memory/4708-1373-0x00007FF9E8D20000-0x00007FF9E8D58000-memory.dmp

memory/4708-1378-0x00007FF9E80C0000-0x00007FF9E80CB000-memory.dmp

memory/4708-1377-0x00007FF9E80D0000-0x00007FF9E80DC000-memory.dmp

memory/4708-1376-0x00007FF9E8D00000-0x00007FF9E8D0B000-memory.dmp

memory/4708-1375-0x00007FF9E8D10000-0x00007FF9E8D1B000-memory.dmp

memory/4708-1374-0x00007FF9EB980000-0x00007FF9EB9A4000-memory.dmp

memory/4708-1379-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp

memory/4708-1383-0x00007FF9EB960000-0x00007FF9EB974000-memory.dmp

memory/4708-1394-0x00007FF9E5200000-0x00007FF9E5212000-memory.dmp

memory/4708-1393-0x00007FF9E8E90000-0x00007FF9E8EA9000-memory.dmp

memory/4708-1392-0x00007FF9E7DC0000-0x00007FF9E7DCE000-memory.dmp

memory/4708-1391-0x00007FF9E70A0000-0x00007FF9E70AD000-memory.dmp

memory/4708-1390-0x00007FF9E7D70000-0x00007FF9E7D7C000-memory.dmp

memory/4708-1389-0x00007FF9E7D80000-0x00007FF9E7D8C000-memory.dmp

memory/4708-1388-0x00007FF9E7D90000-0x00007FF9E7D9B000-memory.dmp

memory/4708-1387-0x00007FF9E7DA0000-0x00007FF9E7DAB000-memory.dmp

memory/4708-1386-0x00007FF9E7DB0000-0x00007FF9E7DBC000-memory.dmp

memory/4708-1385-0x00007FF9E7DD0000-0x00007FF9E7DDC000-memory.dmp

memory/4708-1384-0x00007FF9E80E0000-0x00007FF9E8609000-memory.dmp

memory/4708-1382-0x00007FF9E7F30000-0x00007FF9E7F3C000-memory.dmp

memory/4708-1381-0x00007FF9E80A0000-0x00007FF9E80AB000-memory.dmp

memory/4708-1380-0x00007FF9E9010000-0x00007FF9E903D000-memory.dmp

memory/4708-1396-0x00007FF9E7090000-0x00007FF9E709C000-memory.dmp

memory/4708-1395-0x00007FF9E7DE0000-0x00007FF9E7EAD000-memory.dmp

memory/4708-1398-0x00007FF9E51C0000-0x00007FF9E51D2000-memory.dmp

memory/4708-1397-0x00007FF9E51E0000-0x00007FF9E51F5000-memory.dmp

memory/4708-1400-0x00007FF9E51A0000-0x00007FF9E51B4000-memory.dmp

memory/4708-1399-0x00007FF9E8D20000-0x00007FF9E8D58000-memory.dmp

memory/4708-1401-0x00007FF9E5170000-0x00007FF9E5192000-memory.dmp

memory/4708-1405-0x00007FF9E50E0000-0x00007FF9E512D000-memory.dmp

memory/4708-1404-0x00007FF9E5130000-0x00007FF9E5149000-memory.dmp

memory/4708-1403-0x00007FF9E5150000-0x00007FF9E5167000-memory.dmp

memory/4708-1402-0x00007FF9E80B0000-0x00007FF9E80BC000-memory.dmp

memory/4708-1406-0x00007FF9E50C0000-0x00007FF9E50D1000-memory.dmp

memory/4708-1407-0x00007FF9E5090000-0x00007FF9E50AE000-memory.dmp

memory/4708-1408-0x00007FF9E5030000-0x00007FF9E508D000-memory.dmp

memory/4708-1413-0x00007FF9E4E10000-0x00007FF9E4F8E000-memory.dmp

memory/4708-1412-0x00007FF9E4F90000-0x00007FF9E4FB3000-memory.dmp

memory/4708-1411-0x00007FF9E4FD0000-0x00007FF9E4FFE000-memory.dmp

memory/4708-1410-0x00007FF9E5000000-0x00007FF9E5029000-memory.dmp

memory/4708-1409-0x00007FF9E5200000-0x00007FF9E5212000-memory.dmp

memory/4708-1414-0x00007FF9E51E0000-0x00007FF9E51F5000-memory.dmp

memory/4708-1415-0x00007FF9E4DF0000-0x00007FF9E4E08000-memory.dmp

memory/4708-1419-0x00007FF9E4D70000-0x00007FF9E4D7C000-memory.dmp

memory/4708-1418-0x00007FF9E51C0000-0x00007FF9E51D2000-memory.dmp

memory/4708-1417-0x00007FF9E4D80000-0x00007FF9E4D8B000-memory.dmp

memory/4708-1416-0x00007FF9E4D90000-0x00007FF9E4D9B000-memory.dmp

memory/4708-1425-0x00007FF9E4D20000-0x00007FF9E4D2C000-memory.dmp

memory/4708-1424-0x00007FF9E5170000-0x00007FF9E5192000-memory.dmp

memory/4708-1423-0x00007FF9E4D30000-0x00007FF9E4D3C000-memory.dmp

memory/4708-1422-0x00007FF9E4D40000-0x00007FF9E4D4B000-memory.dmp

memory/4708-1421-0x00007FF9E4D50000-0x00007FF9E4D5C000-memory.dmp

memory/4708-1420-0x00007FF9E4D60000-0x00007FF9E4D6B000-memory.dmp

memory/4708-1434-0x00007FF9E15B0000-0x00007FF9E15BD000-memory.dmp

memory/4708-1433-0x00007FF9E39C0000-0x00007FF9E39CC000-memory.dmp

memory/4708-1432-0x00007FF9E39D0000-0x00007FF9E39DC000-memory.dmp

memory/4708-1431-0x00007FF9E39E0000-0x00007FF9E39EB000-memory.dmp

memory/4708-1430-0x00007FF9E39F0000-0x00007FF9E39FB000-memory.dmp

memory/4708-1429-0x00007FF9E4D00000-0x00007FF9E4D0C000-memory.dmp

memory/4708-1428-0x00007FF9E4D10000-0x00007FF9E4D1E000-memory.dmp

memory/4708-1427-0x00007FF9E50E0000-0x00007FF9E512D000-memory.dmp

memory/4708-1426-0x00007FF9E5150000-0x00007FF9E5167000-memory.dmp

memory/4708-1436-0x00007FF9E5030000-0x00007FF9E508D000-memory.dmp

memory/4708-1438-0x00007FF9E4E10000-0x00007FF9E4F8E000-memory.dmp

memory/4708-1437-0x00007FF9E1580000-0x00007FF9E158C000-memory.dmp

memory/4708-1435-0x00007FF9E1590000-0x00007FF9E15A2000-memory.dmp

memory/4708-1441-0x00007FF9E1540000-0x00007FF9E1576000-memory.dmp

memory/4708-1440-0x00007FF9E4DF0000-0x00007FF9E4E08000-memory.dmp

memory/4708-1439-0x00007FF9E4F90000-0x00007FF9E4FB3000-memory.dmp

memory/4708-1442-0x00007FF9E1480000-0x00007FF9E153C000-memory.dmp

memory/4708-1443-0x00007FF9E1450000-0x00007FF9E147B000-memory.dmp

memory/4708-1444-0x00007FF9D6FE0000-0x00007FF9D72BF000-memory.dmp

memory/4708-1445-0x00007FF9D4EE0000-0x00007FF9D6FD3000-memory.dmp

memory/4708-1447-0x00007FF9E1400000-0x00007FF9E1421000-memory.dmp

memory/4708-1446-0x00007FF9E1430000-0x00007FF9E1447000-memory.dmp

memory/4708-1448-0x00007FF9E13D0000-0x00007FF9E13F2000-memory.dmp

memory/4708-1449-0x00007FF9DCE80000-0x00007FF9DCF1C000-memory.dmp

memory/4708-1450-0x00007FF9DE190000-0x00007FF9DE1C0000-memory.dmp

memory/4708-1451-0x00007FF9DCFC0000-0x00007FF9DCFD9000-memory.dmp

memory/4708-1452-0x00007FF9DCFA0000-0x00007FF9DCFBD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_peo5e54b.qed.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4708-1508-0x00007FF9E50E0000-0x00007FF9E512D000-memory.dmp

memory/4708-1509-0x00007FF9E50C0000-0x00007FF9E50D1000-memory.dmp

memory/4708-1507-0x00007FF9E5130000-0x00007FF9E5149000-memory.dmp

memory/4708-1506-0x00007FF9E5150000-0x00007FF9E5167000-memory.dmp

memory/4708-1505-0x00007FF9E5170000-0x00007FF9E5192000-memory.dmp

memory/4708-1504-0x00007FF9E51A0000-0x00007FF9E51B4000-memory.dmp

memory/4708-1503-0x00007FF9E51C0000-0x00007FF9E51D2000-memory.dmp

memory/4708-1502-0x00007FF9E51E0000-0x00007FF9E51F5000-memory.dmp

memory/4708-1501-0x00007FF9E8D20000-0x00007FF9E8D58000-memory.dmp

memory/4708-1500-0x00007FF9E5220000-0x00007FF9E533C000-memory.dmp

memory/4708-1499-0x00007FF9E8D60000-0x00007FF9E8D86000-memory.dmp

memory/4708-1498-0x00007FF9E8D90000-0x00007FF9E8D9B000-memory.dmp

memory/4708-1497-0x00007FF9E8E40000-0x00007FF9E8E4D000-memory.dmp

memory/4708-1492-0x00007FF9E80E0000-0x00007FF9E8609000-memory.dmp

memory/4708-1496-0x00007FF9E7DE0000-0x00007FF9E7EAD000-memory.dmp

memory/4708-1486-0x00007FF9E8610000-0x00007FF9E8C02000-memory.dmp

memory/4800-3933-0x00007FF9E8A40000-0x00007FF9E8B0D000-memory.dmp

memory/4800-3962-0x00007FF9E7DD0000-0x00007FF9E7E1D000-memory.dmp

memory/4800-3961-0x00007FF9E7E20000-0x00007FF9E7E39000-memory.dmp

memory/4800-3960-0x00007FF9E7E40000-0x00007FF9E7E57000-memory.dmp

memory/4800-3959-0x00007FF9E7E60000-0x00007FF9E7E82000-memory.dmp

memory/4800-3958-0x00007FF9E7E90000-0x00007FF9E7EA4000-memory.dmp

memory/4800-3957-0x00007FF9E80B0000-0x00007FF9E80C2000-memory.dmp

memory/4800-3956-0x00007FF9E80D0000-0x00007FF9E80E5000-memory.dmp

memory/4800-3955-0x00007FF9E89F0000-0x00007FF9E89FC000-memory.dmp

memory/4800-3954-0x00007FF9E8A00000-0x00007FF9E8A12000-memory.dmp

memory/4800-3953-0x00007FF9E8A20000-0x00007FF9E8A2D000-memory.dmp

memory/4800-3952-0x00007FF9E8A30000-0x00007FF9E8A3C000-memory.dmp

memory/4800-3951-0x00007FF9E8D00000-0x00007FF9E8D0C000-memory.dmp

memory/4800-3950-0x00007FF9E8D10000-0x00007FF9E8D1B000-memory.dmp

memory/4800-3949-0x00007FF9E8D20000-0x00007FF9E8D2B000-memory.dmp

memory/4800-3948-0x00007FF9E8D30000-0x00007FF9E8D3C000-memory.dmp

memory/4800-3947-0x00007FF9E8D40000-0x00007FF9E8D4E000-memory.dmp

memory/4800-3946-0x00007FF9E8D50000-0x00007FF9E8D5C000-memory.dmp

memory/4800-3945-0x00007FF9E8D60000-0x00007FF9E8D6C000-memory.dmp

memory/4800-3944-0x00007FF9E8D70000-0x00007FF9E8D7B000-memory.dmp

memory/4800-3943-0x00007FF9E8D80000-0x00007FF9E8D8C000-memory.dmp

memory/4800-3942-0x00007FF9E8D90000-0x00007FF9E8D9B000-memory.dmp

memory/4800-3941-0x00007FF9E8F80000-0x00007FF9E8F8C000-memory.dmp

memory/4800-3940-0x00007FF9E9010000-0x00007FF9E901B000-memory.dmp

memory/4800-3939-0x00007FF9E9020000-0x00007FF9E902B000-memory.dmp

memory/4800-3938-0x00007FF9E8E40000-0x00007FF9E8E78000-memory.dmp

memory/4800-3937-0x00007FF9E80F0000-0x00007FF9E820C000-memory.dmp

memory/4800-3936-0x00007FF9E8E80000-0x00007FF9E8EA6000-memory.dmp

memory/4800-3935-0x00007FF9E9030000-0x00007FF9E903B000-memory.dmp

memory/4800-3934-0x00007FF9EB960000-0x00007FF9EB96D000-memory.dmp

memory/4800-3929-0x00007FF9E4E10000-0x00007FF9E5339000-memory.dmp

memory/4800-3923-0x00007FF9E8210000-0x00007FF9E8802000-memory.dmp

memory/4800-3932-0x00007FF9EB970000-0x00007FF9EB9A3000-memory.dmp

memory/4800-3931-0x00007FF9EBA40000-0x00007FF9EBA4D000-memory.dmp

memory/4800-3930-0x00007FF9EBA50000-0x00007FF9EBA69000-memory.dmp

memory/4800-3928-0x00007FF9EBA70000-0x00007FF9EBA84000-memory.dmp

memory/4800-3927-0x00007FF9EBA90000-0x00007FF9EBABD000-memory.dmp

memory/4800-3926-0x00007FF9EDCC0000-0x00007FF9EDCD9000-memory.dmp

memory/4800-3925-0x00007FF9F1FF0000-0x00007FF9F1FFF000-memory.dmp

memory/4800-3924-0x00007FF9EBAC0000-0x00007FF9EBAE4000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml

MD5 d7ef3f76748febb1518010074ffc62b7
SHA1 4372ac3e182a97b69b214e22665de390cf01c811
SHA256 b30dbe25dcf98777e2470cf8ab6afb6dcc3851742b26e9d9d98a9d25905fa917
SHA512 7d60f680ea27b9b16805f627a584fcfaa8989227787a069870fef1d1c00d03d6cce0a35ba12e03b30a3f4be49b5c7b61c8d660daf495e8a8ca352b16a16a75fd

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml

MD5 19f515e4b519e41a37524f9221272884
SHA1 6c775969aa91860b07d0a7b37b40d99fc7b01aa2
SHA256 59653bf58370d4935d8a21b2a9a8003ad3dd1dcd12fbf298687df39f8320db81
SHA512 81a61dac36bc47b65a0b93fd0c33232b40e4224101fc9e827b838a53a077bad5d3e61b63f49662cc68a299ca1b7308de553912694ab053335f5e5d3bcdc1f9a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9efc5ba989271670c86d3d3dd581b39
SHA1 3ad714bcf6bac85e368b8ba379540698d038084f
SHA256 c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3
SHA512 c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 302c3de891ef3a75b81a269db4e1cf22
SHA1 5401eb5166da78256771e8e0281ca2d1f471c76f
SHA256 1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58
SHA512 da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4b441ed279ec2993c7f6b8234c7a431a
SHA1 6a40a86b33f242a0d8ce2ddabeb549de5d296ceb
SHA256 e8af9dcfc79ef3fc36c60bdec1ff409d0ca07774e0e6749e2ce134fa38c96612
SHA512 96baa79a9167b95e10271d9ffa3ca510f87964424d603fc0b1aec7f02c1191cb825c301975c6a2fdee904ef8a5af84fbeb71de4eb3df892b8f2445c85e74f659

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\Q5FG062S\trans[2].gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json.tmp

MD5 0849557bc9126ef2a3f1103f2774f8f7
SHA1 c4a2e7768e2e78b19df74fb9a2f4f83444afe67c
SHA256 04195963c8dfb2b18ac8115f872a5a771f127a2a083e2cfd08fa5fac3d14d216
SHA512 9e61a6934983443e09959e3e11bacd999b66daf922d857fd7db63ac9d345596a9379012752409714df2ee6f291a99a046a47461c55ac9ee6f41bbf9ecd49500d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\1c007f16-b1eb-41bc-922a-72d8e7343077

MD5 4998558eeb78fd97dd9d868738d70ff3
SHA1 a78264dedb61a734aa360ca56f237999ebe87519
SHA256 60768dd198578a9857263c0cff01ce2eb3084dcc69b10f62e6945ccfed518a4c
SHA512 825148c33c69b2d233a93a0930c7231e300e778bbcf159d645d2499b43d4b9d69dd26101b64ffef51af745e7856f42a13f6ce0233cf169f8bbb03a0ca5ff27ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\14300f16-e3fb-4745-a406-1746ec3447f8

MD5 782634bd7aa4d335b5b725d22872bf04
SHA1 10b242ac105aef94131eb1343c77f28d323d4a51
SHA256 991ea6a19652aa49957338a2ff25dff80dea410ee13f22449a3969216f38c3f0
SHA512 6e53fca627b5e9683fdba2346148a328ef0ae4cec2bd39318e607deeb9c37e74e3e66db2e65b6679a676bc2bb0065a749fc74f4bd34e3b7f121c4464bcc87e2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

MD5 83417064b4a80aa68914fefa3a55dc7e
SHA1 b52fbefb0d9af92489ef12352c852dfc74e2aed4
SHA256 2477ef4727ece23194f60724a6339ccbaf48274a3ccf299f325c570e0d6ebca3
SHA512 1f4b77b82bc9e3d573d177ec1f1c8f87c6c915468ff8960682cc9d95081c164a9aca00a650154e5db255f0e1386466af06d32e0a4748b3c37cfc7bfddac2bfab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

MD5 41a2b4ab925686af5aa42c43b704a7f2
SHA1 354c955633b26cb8e96c0103587dbf018ddd0526
SHA256 5dca873c466c5440298c358dd4b8265711a532974b91c0048b49a60e97cee6c8
SHA512 a9e8c4da7279465f9d488db274ca67eafb6c9437c6bc78bb287557c485aa79e5652fce9630fe3ecd25261c288d7ba22103385f77ecbc6c8d090c33b3ab952502

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P3RJMKM0\www.bing[1].xml

MD5 37ccafed49012b6139ceff9c72d185e8
SHA1 26fa9cf01364f062c1c06194df6ba662bb87dbeb
SHA256 33674f9ddd8b86fe13a5a6a11b4d11dc5e3a82230c7e82af0c65f5bb74c07b12
SHA512 76e0a52ca97ecb1f6cd936f531e0b023dc6f64c782b06f168df18d1134a13e3fc2cee56c13ee44e44a1e243f48b1df151c6cc5552f9311a35dc79d2883ae5d36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js

MD5 7fada09335cfed9af4d0da61f48f8736
SHA1 58b8910ef85825a77c5cbc298958dbdc04de01d3
SHA256 857876d92ec3f01cc87ef95b5309f7cce28c9896679e9c74ef63f2eaf19ef306
SHA512 a69e11978dd09b3e23c28d70c77674aafbf3121991fc0877425ff81f268c0af1acb44ce1d5d81e376e5825b9a31a488fc0b5053c2964eab7c4c2086cbbb9e63d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js

MD5 4e38c59ae4e3e093fc1fa35130800078
SHA1 7551205ca3a0ea0689fbb579f2b896f5d798d0e6
SHA256 a88ef379fac146e3d1d18865da58cb146474f3ad3d582a60a3d0ede70fc9d2f3
SHA512 608c62de3b777768f480f5874edc9d0c2993bf27db349ece994f58b2bdf68a85abca5997caa33c4f4e5ccf17228cada10e6b8da0e46dceb76eac332972460d46

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

MD5 d15f007ac40dc54125d63bdbfddce728
SHA1 6708238673eda15f61acd091a5cbd3a2eeec7763
SHA256 4f38d6498b8178fba98e9a5de798563f7a139641ab0e367907bbfb5db7cd157b
SHA512 02d28573c362d1f4a059366290353265f7382b452b7fd74742c8572233c20fe6bd7dd59a80b6ea5b347b8cca2a9b7061556a3722f61abef6434280f0963abf14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8bd98abc9ea1431866f6356d77302b3b
SHA1 bcd3113246c80184f33fe60e3d34e69d7124e9c6
SHA256 9fd8f2f195a4b8953c42dbb35b48e0fd81c002d7df10b263abccf02fb36f3284
SHA512 3a63697a8c4e22edb6253031da54eb468289740b1dfa6ba8f9f21c668678a45cecd16f54bc745cc115f8397eb5c6c03d6e05cfc301d9e851ac6aec31345a5d61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45e16dee550295242dff7fab9d96d6e6
SHA1 21bcc61d4ebc22c8f4bc47057ae9a34eb2f2d03a
SHA256 ee82bd23795e786f3443e284cd9d6ada0ed2f093776de15ef63608e28b61c2b4
SHA512 87e80676cd6416513074496a9d95ab5182033bc560a5365863f3335ab9f08a791110f0c45a00d134dbda7ab6b1d7b6827663e345b767d8e7fbde4e8bea1ac67b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a3483a5b2b28f820ac8a407a7d85f12d
SHA1 32f5063bb75ce0adbb21710d50f4ee5c5bafcc81
SHA256 b5af1af959b0e853af52fe89a87f0484ec6f8a517f369758c907282c40ab4f16
SHA512 66230b675869278445f42278a84e4c39db356541d58f307ad7504493174a82edbd148a15660b1ad22e458ceef6eab48339ad151f48e97e0b41101e23aea528c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc0e67e89441d1d643e7bfc8c4dd7a51
SHA1 c6fa0d30ab77e245ed7b426fc16557a4093c42fc
SHA256 5bb71bf75290222bb6b5db5222ca2c01961a990d186ddce3b4f9f440b4d3aba1
SHA512 95aa5ef74604907c059fac5e6f999b0bba8e905bb013e0bee81f20307ddab3799dff34af17a22fd7ae124d5aa9fd61e742aeeb2c620b4c34ce4beab87cdd3be6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bc0478d3f4160bc996942e64936ef89
SHA1 39814c321f7d0b9b1787efb5edf880eb63a90b6d
SHA256 51bd9f5b684e4d1a5d0e1b80f161b833d45f76f451087e862361738ad3d518f4
SHA512 e986dd95184d29aaac71da53fc7636c92d02e7035a592588a290c80ac3b6a52df4ec4a7318eb9f6a0bfb3079ff853d65ed4462fa651e5d34ddd486fde58d9397

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

MD5 7d3a74ccb1710aa1314c1fd4c3e87f21
SHA1 ad0d82a513a2a1c174fa9d6220790158c8109d60
SHA256 e7a47d0d4523d4d75d2c762b9f2bc4248e2c5da0360b092c64c055c3625c005d
SHA512 3edec055c9a4189208831d4f16fe03b5061ac82c74b98c8efa5bdf1ba19ca5815d83e21f546a33b3a1bf185491e3b774421fd7ad4d0654138023cdd8a3036a2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f25e1ee9552690393ac76c748ad7a12d
SHA1 68143535bd7e9dc761ade7b7c204b71afc15739c
SHA256 b96f0ced2ab61602a640f168f4b9e8682fbbe5e3fbec1cb3e67955da85aa63a2
SHA512 e8b7dcb75d8ac2460a41b5725996303ad826e7e6847e921fc378c4627a5bdbb8cb2d8da054fd3c57d8566da71bbb3271c71cb16eb55662c175f29742304f6543

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

MD5 167b612497d605027da5a1ef827019f3
SHA1 30ff7ceeab9e1bbdc885026842c8d9853183a505
SHA256 3cd26f782f251d118fa4e86516ffdffe60a9e68df07233af31e2d27cbdc24a54
SHA512 e93544246df2e3475a37b4e4c7af3b889015e594ee0940a6d439ce9a60a216d1d07bc784ad6b45f85b467cd0884f68beb0e1ccbdeb20711a5f7f66e158f1b262

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

MD5 eac96ff465631c98a3454fa4e35be89b
SHA1 eed2a43a9458e794e37bb013430637ea96efbadb
SHA256 7031aa2a88b5034eba0fc43f9014ed0f8772944bf564fbffae80283440303ffd
SHA512 ed55db48c6154bd4867912e23f59190b2149b75882d5ce54778244b5acc30db903725ad1414cae5d1e855d9236171f554e5b8288344c762dd9c55f3fc320526b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

MD5 5ba9c45df870b41410a4c698096cf890
SHA1 3ae537893334136c61269a89ee71d32be4174fe1
SHA256 9d1fda752548fac32c15ca8268b95fcea3355a6969a9fee07ff9e877bb14435a
SHA512 293a4e96be721b9f7551a700cbf02345f15790b7bef41e861a564455f55070004ccea1a5fb67253cc29168be150e9d768422b622d35e5658f49743a713af6ffe

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e9480665c80bad074f89422b07372490
SHA1 33fe052f8da1fa3173399640d3ab3bcc4e9350ce
SHA256 ec483694bec7094ecd3d281a27560d67869796884e864ef014fadb804f106f4d
SHA512 beb722574dc81de6288f545ac61d6db5ae58a84cbf170f37dc410d7079545163b090a0ed920dc9cb85f016de7c022b2bea0e8f307b8c098fb1623217b2969b58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 223b7f4d65ac8b49a23ad4d27f73b95f
SHA1 7a334c45f57fbabab9d6b3955a6eef66f15f8948
SHA256 cf89df377765f0e9c4cfa3ea129410a718a51ee41a4dd1016bff06b9c6a2be60
SHA512 7770a672fbe26b1a82834e3d5ad36e41ffe6744a54125746c522ae6dbb75c4af5f1486e205515a57ccf914a9d1524a352fd257b1544d71004c99363630e179da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

MD5 1a9f2b7c3b5f2c5a140f11a4d2017740
SHA1 acb6ed92e0e687442fb6d55e98f6d3da4c16050b
SHA256 5934cf91fa168d19365c55f1a50aa5b1611f76a87b96cd3b59d5c28d8387b082
SHA512 77ec0005d46b3a9f30c4a76dcac362e3459a7b667eace609e631b84e269e9b31055104c6382170f4a4cde48b6cbb7ea1ebb30785b586cb138bfe5e8a74c920fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a150137aae9522967d2f62c794ab5d4f
SHA1 4c2a1dba22a569dc7804bdb886e031e70960e08a
SHA256 8839c7379755c0859121d8df28c97c336eb01edeaf23b3fa20839144af6a4d9f
SHA512 1dc2dd68bcc63e5aec8cc6573de1c95bd1e7814c995c49305e9a6ec1a585a2b64ce132592bfadcb8adbacc8b6daa87bf30fdef58a12024f3f94b70770b9bcdc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f3b45c43b844adf48cb398819aa29c8
SHA1 8bdaada4f81f360bab3ab65349655193be79129e
SHA256 2ffe0e468b1ab3c2e912aeb18db3a833b0ac1efd3a7cafed48727dbc8b16bf70
SHA512 59f5b0a4422d72be85f8d2e52bdc3048d6113856cfc2e512b721d20fb5c55d0f3e04141126225b75a2e7bfbf2498857fb9a039e843f73877ca1fb5db460db5e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 db39e42349bb1eef473d8e846808a616
SHA1 bc82a937545938d32b36c2e1a7ca03666707bccf
SHA256 088d283b591836f8b591708bb15a8994f595343734354e833160c950b8b7a935
SHA512 e6fde009fcdeb4a08514cde31796dbaa188a94fb408861889cd9faf0ae42f45d390a536faa45e7caa22b0763561868147f9308bfa224399d9c7994a8c71333e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

MD5 5af3380cadcf610f7cb6c0450a4bb12b
SHA1 d0b730b63fe0557d34f8f10b49923cf42b24be50
SHA256 b93902c17af8f3c09c70f1e367247290fc43c4986165f3e404d8b79a69d0649c
SHA512 4b88ab0dc6184f158dfc808a7a337c989955a97628e2fce476c4b549c4ba0ee59dc20e3e77bbba0845b75cc5b742e0134b8005ff73822786227ac180f265d33d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\AF01FDA5AD9AF7E2CA8284AFE502D6D83BBD4423

MD5 e07330a7dd557d9f115a822087e05de1
SHA1 1773668604675a1ccac3957b4f84bd69283ee0df
SHA256 de306a7461de8774b2e215e1204993a4e6cdd72d232eec5b26e919489120d676
SHA512 83f5ccbe8184bc7cea8514c8996b66aeaeae97beb4a61f8997c465b5f730a457c3a67a912d955ef30ee00a5edbd89a40c1461dc4942505578db65681ab6de544

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\43993BC30981A64A702FA26B68ACF037309F2A6A

MD5 42d41bb2f5f9daabf72c4ac159750440
SHA1 c0a9c255f7ddf6ea66327b196b33ad1425bc6a4e
SHA256 763e5113e5d38a62b0f6afe5a775e8a9fb2dce9bb5ce1f86e19a164489f6d4b3
SHA512 48160726bdc93d819bc0e974a1280e25ce78439d85033a48ad1d24afc0f4b03f4a3aa25611be92990512636391f8a7808089e9ba0143f39abe57840a9275315c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\6A4C1BCC50629D17B7823B73CD8B2F23B86F00B4

MD5 67d29b3ca5b0970b76a3e8797a5e9824
SHA1 8cfaf27bf3808b9d158b2e9881277e23c07c7ddb
SHA256 390e6b25a4d68bf8472288915ae0e64d3e5edd8b11eab8e9865756c30f41bb87
SHA512 9c13813487a5e92b28b6815145c76198972ab18e16f84432bf0563b10493d1c23e4c4ffce2e1e317f166d4b20537b237d2da24b5d855c6ad2226ec2d1498e435

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\581B18B4C79478759A7832C2496673BAF0EF315D

MD5 153ba5b1e5b6ccae734715fd3a1b309a
SHA1 33fbf22682eaf94b08351614dbb6bad3dc9d81e3
SHA256 a5423f8c42bb7e0ae212029b7befe44bbcbe5084f51c9dd01e624248e9e51bde
SHA512 1f0c6cdad01b8eb9d94bb0092a0771e3b37ef2b36b2db2837904fce0003f0837b5cbd0b2a1d9c010146cc7b9663d7737079f6acdc3d3aa6738e7be1e8d5e9601

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\41197BDCD07FADDFAFB2BE060D7323B81DC8A99C

MD5 a988f8ec8c4d1d4adb4979ea02a6aef7
SHA1 835ef9d5fd82afc354f26dbe4448fa9177e4906f
SHA256 7c9fea556a2405dfb8ace0eeb464416a65e81fbd0df131a13c65d6655ce037b7
SHA512 f085a205fbb037f5ed2548e2486ad47cee34092f9a65ec771f73479fba33f516aad21e14dac8fab4e4c638210bcce2c2e5ce467acf5faad965e638617acb7a7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 32f14882921d1310b579db6199508439
SHA1 67520681382c3decc50eec8f932a69c4a3a04d2c
SHA256 78cc11d91a28fb48dd6e19330c67ce1be989643dd0b20c0e2969d0845f530fa7
SHA512 98d3e20e3864afaecec5f5ed1a04e5ff19a7404fe6b2b2046d8c73880e356bed66c3deea751ab7f8ebf31273c3d67f9ff67a3d9c233e00346089d34b9e1ec46d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\17B45B9C15B7E3BBEEA873127FD3DB8A0AF06F2F

MD5 7cf4fb3ee1fd5b24c8d08a66631b4b4c
SHA1 c56b23e974df6fe01083b82b35abfca3a5cd4b9a
SHA256 9b0b9c1a7b16f2176748d23c5de35848902fd33af27947bc4bd01ee6d4ece102
SHA512 259c233bbc5aa6f0a4fe41aa5ba05522c5eefcf23cc4b90ac04c0cce2026ebd4c5a8f0a4872d89f8ffe220b31c0f783798cac7cda85806535cae9ab85dd8fc36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\doomed\17658

MD5 f5d8857655d77c5ef296b3b3c5519c08
SHA1 7f0aa6dc35d8be903c6cd3017011c994e3f8fba3
SHA256 cd6bd3e36b1d2338006009458149f8764d30bcc434a171a126f726b5359ade83
SHA512 99256bbe88cbe0504f3dbb86105e7bca338a550fe9d3c4151dacde05b1e3d8cccecdf1b585361afe5647837d818a3c226c30d3cbb01419350dfadcca7aa1fc9d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\E92AD7F089BE454A630F4BEC36513575295D1312

MD5 fcdf48d5c9ff5e1375d28c620cacf8d8
SHA1 338700d6923887d0749709d92dc549337e1f8c2b
SHA256 3f060129b7ad00a9ef915cecdbb0b0beb9dbb2b971876235c3ead121a92c94a2
SHA512 e5fe34c6ed41558068d9f94795663f60062a6cd28b0030dadc74ff19622894fa2db15da71317500aa6d316006f546d9ab36ac5ebee8d4577892abc74ec321f31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

MD5 e54c1410efa39042960f248cc4e8863c
SHA1 23b6fbc6e30f943cc15b5e41278b1b968d08ffc7
SHA256 b23ce2ac1b830dda843aea26fb0d941cfcbeef667fa684ba4d11058c619080b8
SHA512 3edf7f9441950632481f41020ad05993f17118cce443536bd56c2cfbb2b1b91f4f498f4b18f72b9eef4c7bfda9001d253b38c3d0a2718e0ab075df9ca1c3e1e0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\5CEA099E36447F7D5F60A06021D0686224BAFF39

MD5 975a40d3230dc1ada35492ed812513f8
SHA1 957f75ab1e00553d6d54cdaf8a2fbb888658c624
SHA256 3c666ad6dc3ee4e95fda900fd333637fac0bc564f6db9518d115adc08b66c4f4
SHA512 8d16f94d670ba61951e07795d06c7cb1b84a0b982f9dd2ea098cc1fce0ce9f4bd7b3b18e6010bc17eb704ac74d266c0d8346e6aad36692a1f6b54e2b3f738a73

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\1247D9BEA0605D24E4E60936225C651B58A7CFFE

MD5 59b7e830d3ea160942dd77e97a92444b
SHA1 bd67d7ede6c5937af8f10c8ec3a4a6932a354e07
SHA256 50a0e3f91bf1f33e7f6f190255469345fa6575bec447f047743a1e8dfa169224
SHA512 d7ef889d8294ea4fcebd14e574fb5c5e8a359e81af76da3f1d8bd8af9b2e2b3bad675884a28c3b95325eb50bbcb0cda18e1590da4efcb5bdc67d84a3b6ad2ba8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\E677A2EF48A8BFD2FFFF38AE33303ADAF665A39C

MD5 1b2550a25e18b517fd7ca5bc4ef7dc02
SHA1 7e81d43c5f1be1353e2c4d2ce2c911c049950301
SHA256 3f686074f07d4399284ffe8d27483e4255eddacfec667e04598522f2c7dfbd94
SHA512 fcdbab0de3ae7105cb5f84ff4f2bd3958288d7faf5102abd4e7d3ae019761275bff3ecde88e162fe2c3bc1ff95b205c40965a5555ecc8f41f16ad35a5177a51c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\F13E79D0B5A5E4365055233CEFC8AB2D33E0375C

MD5 e619149aae34e1d56e8f828e5b4dd884
SHA1 f213913365dad6f4aa81dbd026bbb9286e09ed0f
SHA256 5de16eca15c8db8d1d47b929b7c98b22a0758a7384401007ae0f0877ede75e7e
SHA512 5afdabb8a6af7b5eb8370ae570e0aaea440a023aec9c1c110320ae2a84008bae729e371d8a9beb44eb278c88252189ec90bec459a14837a20db1e64ca0b7181b