Malware Analysis Report

2025-01-19 04:37

Sample ID 240809-p18m4avbph
Target MSEdgeRedirect.exe
SHA256 5c52dbabaa238202ddc0326d33edf8e48ae90f7f29490fde236f334769ab86d2
Tags
discovery execution microsoft defense_evasion evasion persistence phishing privilege_escalation ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5c52dbabaa238202ddc0326d33edf8e48ae90f7f29490fde236f334769ab86d2

Threat Level: Likely malicious

The file MSEdgeRedirect.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution microsoft defense_evasion evasion persistence phishing privilege_escalation ransomware

Modifies boot configuration data using bcdedit

Blocklisted process makes network request

Downloads MZ/PE file

Drops file in Drivers directory

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Power Settings

Checks installed software on the system

Enumerates connected drives

Detected potential entity reuse from brand microsoft.

AutoIT Executable

Drops file in System32 directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Command and Scripting Interpreter: PowerShell

Event Triggered Execution: Netsh Helper DLL

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Modifies registry key

Uses Volume Shadow Copy WMI provider

Disables Windows logging functionality

Suspicious behavior: MapViewOfSection

System policy modification

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Runs net.exe

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Modifies registry class

Kills process with taskkill

Modifies Internet Explorer settings

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-09 12:48

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 12:48

Reported

2024-08-09 13:19

Platform

win7-20240705-en

Max time kernel

1558s

Max time network

1559s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 588 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 588 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

"C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" -NoExit -ImportSystemModules

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feef9f9758,0x7feef9f9768,0x7feef9f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1368,i,17668463849739480308,8748990071417652288,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.0.490906654\1044016543" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cdb9a15-0e4a-4fb7-836e-a5d88c849289} 952 "\\.\pipe\gecko-crash-server-pipe.952" 1284 121d7b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.1.1099981074\615677979" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0a01668-c0e9-4a27-ad92-5066a260e4a9} 952 "\\.\pipe\gecko-crash-server-pipe.952" 1476 d71658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.2.681116798\131660104" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d88fb819-f83f-48db-b367-7daadea74187} 952 "\\.\pipe\gecko-crash-server-pipe.952" 2084 1215fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.3.597078303\1572268635" -childID 2 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6071675-8aae-4c65-a392-3f19c7079793} 952 "\\.\pipe\gecko-crash-server-pipe.952" 2828 13673f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.4.1394741483\561495224" -childID 3 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d01cbf-6606-4c99-a584-54b412e601f6} 952 "\\.\pipe\gecko-crash-server-pipe.952" 2932 d62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.5.176799673\155136927" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {477bcb89-1f0f-4908-b941-bccdb8f01aaa} 952 "\\.\pipe\gecko-crash-server-pipe.952" 3816 1a8bd458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.6.1078734103\1384379874" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31cb8bd0-d6ad-43d1-9720-0cb6074229a2} 952 "\\.\pipe\gecko-crash-server-pipe.952" 3912 1a8bf558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.7.8784691\2095281378" -childID 6 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18a4c932-3ea9-4f20-bce2-3e06638ad3e9} 952 "\\.\pipe\gecko-crash-server-pipe.952" 4172 1a8bce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.8.452582364\345053984" -childID 7 -isForBrowser -prefsHandle 3568 -prefMapHandle 1072 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9490bf8-8c5f-416e-8013-a8a0ef353a8c} 952 "\\.\pipe\gecko-crash-server-pipe.952" 4172 228f4b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.9.1132428774\411747829" -childID 8 -isForBrowser -prefsHandle 3572 -prefMapHandle 3188 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6458ad9f-e2d8-4b77-abd6-72fb86371e44} 952 "\\.\pipe\gecko-crash-server-pipe.952" 3600 24f8ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.10.1545083500\546609752" -childID 9 -isForBrowser -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {596f89eb-7a90-40b4-b4d3-c40e71a2bbc2} 952 "\\.\pipe\gecko-crash-server-pipe.952" 4868 256bdb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.11.352989905\439032952" -childID 10 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {005c5ec6-8c44-4973-8dc9-4c82e9a2ce71} 952 "\\.\pipe\gecko-crash-server-pipe.952" 4968 256be758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.12.1798798599\638986506" -parentBuildID 20221007134813 -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 27070 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3c4ccb6-8e88-4888-b5bc-85afbabeff1f} 952 "\\.\pipe\gecko-crash-server-pipe.952" 4888 11816558 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.13.545533305\1005719000" -childID 11 -isForBrowser -prefsHandle 9304 -prefMapHandle 9272 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd479bac-b1e7-49bb-8eaf-121d6a4bb72b} 952 "\\.\pipe\gecko-crash-server-pipe.952" 9232 23950a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.14.245880648\1599647984" -childID 12 -isForBrowser -prefsHandle 9248 -prefMapHandle 9232 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8bcea6d-3b5d-439f-b54e-ae39cd7c70d8} 952 "\\.\pipe\gecko-crash-server-pipe.952" 9048 200a5558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="952.15.1232126023\2012635544" -childID 13 -isForBrowser -prefsHandle 8912 -prefMapHandle 8908 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c67da991-244c-4622-bb8b-e43ef421a2e0} 952 "\\.\pipe\gecko-crash-server-pipe.952" 8920 1c32d558 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.fcofix.org udp
US 172.67.202.35:443 api.fcofix.org tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 crl.microsoft.com udp
GB 173.222.211.50:80 crl.microsoft.com tcp
N/A 127.0.0.1:49433 tcp
N/A 127.0.0.1:49440 tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 wiki.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 wiki-prod-850398177.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 wiki-prod-850398177.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 christitus.com udp
US 104.26.2.223:443 christitus.com tcp
US 8.8.8.8:53 christitus.com udp
US 8.8.8.8:53 christitus.com udp
US 104.26.2.223:443 christitus.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.179.206:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 utteranc.es udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.21.7.5:443 utteranc.es tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 utteranc.es udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
NL 142.250.179.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 utteranc.es udp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
US 104.21.7.5:443 utteranc.es udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.39.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 172.217.168.202:443 jnn-pa.googleapis.com tcp
NL 172.217.168.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.251.39.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.251.36.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
NL 142.251.36.1:443 photos-ugc.l.googleusercontent.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.36.54:443 i.ytimg.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 tracker.metricool.com udp
NL 142.251.36.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 fonts.bunny.net udp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 104.26.7.108:443 tracker.metricool.com tcp
GB 79.127.237.132:443 fonts.bunny.net tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 tracker.metricool.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
US 8.8.8.8:53 tracker.metricool.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 bunnyfonts.b-cdn.net udp
US 8.8.8.8:53 api.github.com udp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 104.16.80.73:443 cloudflareinsights.com tcp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
GB 79.127.237.132:443 bunnyfonts.b-cdn.net tcp
US 104.26.7.108:443 tracker.metricool.com udp
GB 79.127.237.132:443 bunnyfonts.b-cdn.net tcp
US 8.8.8.8:53 bunnyfonts.b-cdn.net udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 cloudflareinsights.com udp
NL 142.250.179.134:443 static.doubleclick.net tcp
US 8.8.8.8:53 api.github.com udp
NL 142.250.179.134:443 static.doubleclick.net udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
NL 142.250.179.174:443 www3.l.google.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.179.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.179.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-4g5lzney.gvt1.com udp
DE 74.125.163.138:443 r5---sn-4g5lzney.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
DE 74.125.163.138:443 r5.sn-4g5lzney.gvt1.com udp
NL 142.251.39.98:443 googleads.g.doubleclick.net udp
NL 142.250.179.206:443 youtube-ui.l.google.com udp
NL 142.250.179.206:443 youtube-ui.l.google.com udp
NL 142.250.179.206:443 youtube-ui.l.google.com tcp
NL 142.250.179.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 play.google.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabADBF.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAE6D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/820-66-0x000000001B5A0000-0x000000001B882000-memory.dmp

memory/820-67-0x0000000001D90000-0x0000000001D98000-memory.dmp

memory/820-68-0x0000000002440000-0x0000000002452000-memory.dmp

memory/820-69-0x00000000023B0000-0x00000000023BA000-memory.dmp

memory/820-70-0x00000000029B0000-0x00000000029BE000-memory.dmp

memory/820-71-0x00000000029C0000-0x00000000029C8000-memory.dmp

memory/820-72-0x0000000002B40000-0x0000000002B62000-memory.dmp

memory/820-73-0x0000000001FD0000-0x0000000001FE2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fb884a0b5bdd35b62f58a6e93875508
SHA1 452f67f42a2997bf273f377b7a97d49b84faed3c
SHA256 6bffd92224cdc147b0e7349e8afb062b04090eef5c943558a1398551ac968afb
SHA512 6c29692df62a09561176e7ed841bccec74df6e1f9fe86985937fd72339d9dc48f73dff036084e037bd9966eecb6a6b29879ead5231477ab9cb9f58eff57dfcdc

memory/820-84-0x0000000002C10000-0x0000000002C18000-memory.dmp

\??\pipe\crashpad_588_LHLLTSTPXEDEGIXN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6f43fd1b-a8b3-4cb8-a40c-c3a31f85c755.tmp

MD5 aabce19f52ba326fac4f0f920b125cea
SHA1 06753e7235f2d39e865505a5800731092d6f051d
SHA256 b16c080f98880082a2d91479e93598d2c651abec15aac11b95ca9eb21f99875c
SHA512 7790094ce2632f0bb419afc1aa83591f8b61b9da6582cbc2634d5c73d9999f9b7d374d7a92414b28b332e9130f49357b5430bda2c301b0316eaaa4e8653128f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\970ed52b-33a0-40a4-b4c6-64c5643e3e31

MD5 4e23d64132c059975fed46ef88d55bc9
SHA1 281137bbb6e738c44dadedc1dff83cf1326af992
SHA256 639a5bf5f1f52a5f683726b798733b5af540a3c4e75dce592a258333a0827053
SHA512 118044a6ab5170c83e208d89331159988e7504d80a31a95eaefa7ad2129588366fca46329a7865d491470b2f5578394cc10ffcf266f5385cd113b610034a4721

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\db\data.safe.bin

MD5 c6aa3557338c540a55b6ef9d64c44302
SHA1 0d5822c8ea8d23d0ebe4d2f71982a590566241d9
SHA256 078beae1d2ad8f4c8a76fdb11af811749e185a2ed1ae4502197892d261e965a2
SHA512 9e5d5010a4e3de764faeebb03249e8855811b4ae85a87cf11064052b245c1dcb202ee658102823db7f1d4c437b6aabfbc5a5d2f036f829a7a7d0cd26af8ef33a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\pending_pings\77e5b8df-1dc1-426b-996e-a01356c9c5b0

MD5 e94be90a27351acb950cf62f35cdfc43
SHA1 ebdbeef6633ed1b5a98f5746dd349c769ae8d768
SHA256 466e1ae9bb8e6f1d5df1e1d68cd9de6404eebedf5a6b4b7d1919c76b7be4ec44
SHA512 9bb1085ba6d8b1d0d64aea8f2cdb7fcf8717c267daf65c8797eb153aec2d9f6074559de5ff5850a7a062db651a88c932956e6cd6f2f7d380625c1bc30a31f450

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\activity-stream.discovery_stream.json.tmp

MD5 2a104e88aab1744848621b0d7c99c02c
SHA1 79225a70cb88c4318c90b6618b9bebf2fb8de83d
SHA256 7b12f23d4c30f054555e9c3d4b8cd6c728543bef7f6f64660b6fe88a3f849599
SHA512 6b5a0b01237323080658892925a6755c8c33291916b2fa678b420addc6d41ab6dbbfd9eaae32b8665c1639330c9ba7aa7ebe7e39b7d1793d6bcb46155ffedd98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 bbf059fdf0badfae814338d175f66d00
SHA1 9865b3207d24af75a54388159cc53bfd5abfeb58
SHA256 8c81e18de2e764c70d1e362e56cc1d94b4c9eb4e01f0b43c8897507576776e0e
SHA512 c1985daaf4afc40deb233b2b08fafebe7eee876c01abe11111c7a2324284fd7fb30a6f8a9c1e4aded047fafe2c6531cfb542ee618818d9b4385c06f18a7e8597

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 8b08d5db6115eeac9f905d9b0172511e
SHA1 ad7caa6a41b3a137ba79fe9397dbc5edf3dc6476
SHA256 68621fcf5df083821c4c1e37d648f6df5cc7ee1bec440037eb5d2e09bb6b50bf
SHA512 b20d42a7f0e0bd95b15cc1882969a8d842ce37bd322d3385f538df6e0f1a7fffcdc8b39eff96c9dd3463327bd4bd13667aea29b3cd3910d64b599eb6cc166173

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 1bb998107a84799125f0630c2eb63c14
SHA1 d7199b62f8ba28f569b6d3b0cf4b4e9f806a14ec
SHA256 d1d98620320e4cdab5560922ec91f6ebfbc4f19cd26812d97a9c0418591df6b8
SHA512 7bda66e54592c3663e4c2988e0ead816afafced655db68cfa826ace509e3d500d40deed2ade8fc2b0ef017de7ecac5bd96b159b60dd1cd63f1e1704af3b14152

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7c93c827c95d00db9122d17128631411
SHA1 43ce9776656f42cfc3df44b99c1ea222987f0501
SHA256 ac55dfaea20be4f85f5acfe2834de89e1889aa226a24b4489111043418ac8c5c
SHA512 597b8bda3cd0aba63a61185592e8c7cef7893792b99de508aee015a385329b89349ad019d1d104e40e01c3125040bff25dbc94e426aec10acaab30e26d2c3cb5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\weave\toFetch\tabs.json.tmp

MD5 f20674a0751f58bbd67ada26a34ad922
SHA1 72a8da9e69d207c3b03adcd315cab704d55d5d5f
SHA256 8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792
SHA512 2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\datareporting\glean\db\data.safe.bin

MD5 58c89a0c2449c83333d706fa438672c2
SHA1 5f4906f1bea7ba03c7fb3a43df3109676f90a9af
SHA256 c6b49a996f178026594bac4c52faf5c7760dd5bf382c10e120532995a1c340de
SHA512 f3b5323d069a2d781ce7b5de11441d1f7b41a9325fce89fd64427a4849add99dc7fba6eae22e643b08843ed21754188f93e5a31cb8246ce6b4efc04c44b1ab6c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\8999BC8CB7B8114B87D8185D8CE1BBF1E6377016

MD5 bc865c7a4a308d36940d5ec33699b80c
SHA1 e3708b5d3c816d48117e2935f993c067dab9cb8e
SHA256 50caf56070ff46d18174ebaaf71dad5eb88e654b8dc7ebbd0e099515cbc0483a
SHA512 5e4b050b01065de0f9bdeb7a70a9ca70491de02f57fea350de4e05812f1b3aece68b5e0407ebc735d4dac96548d1d1dc6ecca5baa22527e8e3a3958d90750fa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 418943c3553aa2d4023f039bb48e5838
SHA1 3f624b751c0f15f220f7d50a32e4c6562b2bad32
SHA256 e4b5dc7cb1ab5d7326db55bdd3ef8cbf6161d3f951371d74cc1be900b149996f
SHA512 5d644af0c41d52f1e4ad5029c9c4b1a3a185027c14b8f291beef30353d9a434825401316836cbffbd911be660685985300438fbd57e0bdd33538b3bcbe532278

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 fa90ee8e8ed86929c66941c344147e68
SHA1 f4a48cde389f134f1a65cc6efd943205ab952f5a
SHA256 3e333390daea90575e90aea75a1bf1f5306b067d1b050a4c38e276253b13d8db
SHA512 e492cb0013b490065589f1c1e1b44743c75df1cf2e2a966d23b07415dced71116f474b8db5cdf10a13e0f1ac350d0a414ce9338f66d80eee40fc242daeee2b47

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d944f1830f2a5620bccc4243b698d7b6
SHA1 c7a963a39b1b52acfebc2db6892d9feceb537457
SHA256 8c164292f64c55f3817f0c9bde253c7cb11f5d6bda53e206c2846732ee2a5dfd
SHA512 e4317ba80398b07ff7fd03d123487924b2055d0800231df06a21de4704402f533f88bd831d61b211b7ed6cbb5aa9d8654a1b889bc98e83bccdbd956d524673f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 17d434a5b68cd8dbb35af947404e5e47
SHA1 5b259b7dd6e53650d678b768cf99b0baabc9431b
SHA256 c1566e7ff9747bec07e224e63d15bf3d68f6eb683b8a364b5e79ad61d6c0925b
SHA512 200cf656758485d6d9cefa1d6fbbdc5be402befcdd24edaa5dc36e29e3944abcd0d0b39b5940d25b25c329c8aa14f78dd62eae622b613062b6a3b24f7f9f7569

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 36b508d638734345fd3c2e47ad7ad8d6
SHA1 afe64a343e0480e925f3eeb814f2040daafe364a
SHA256 7e755e2be98972fed2b266673ceab5886c2d2fba3a55a19c3fbb6d47e706593c
SHA512 eac1761b4375cc68e0152de43d9cd226bc9569f57a8f9d416cdda54e200a5e2507d0ef1c455699a8451c213c2a72ce02dde7108696a5d6c4dc2a4cb00d1f5021

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 66781265c3a276988237d2858d530d9e
SHA1 5c5b1a5266ac8cf5d41553566acc0531a6408d58
SHA256 ba6d7ad48ad62d4064c6286abbb703cdf7a12b8561b49d2b46afd316fc1a3ed2
SHA512 c8e935221106b1875c21ffbc59df4491816b42f906f07b091dfc524ace088b5fdf0dc64a658f14b288f70c4281479bc5a5caf5eab82db94860ef1cb7eb6eb024

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cchristitus.com%29\idb\2864943543LCo7g%sCD7a%t6adb9a0s.sqlite

MD5 02d38ed0171d81e190f450902f7c783a
SHA1 8df611d3bbaba20fd550e89f5ddd765ea28ecda3
SHA256 0ec9cef409e7055a30f01fdd0cbd750353fdf3f1de10c6154d75038bdb2744f4
SHA512 8692b424a06dd48b651c60add0ac7daa0ee48989b68a06c0cfc48cb607e695019875236f58fda6baadb9e11c948300d3a7d9e4401217fc24fadddd37bf362c60

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 821051b9435813491526de746b0f4c4f
SHA1 595f111d17b90ef2a566abf5ddf44e499f9520db
SHA256 58f629eb2efc804a972eb3d3d44597a58596189611d511980ec155e7799b92a5
SHA512 90536ed858b4b0853aa40f5d8d9e40525dc02d054d9b01e9a45079520c9fe34119ba55a7b57bf9dee760155fc1d03211d11ebfaf8a0fc80d8730fc0e02e4f82e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 fde58bdf7d8396c412a0476ffa4c48c7
SHA1 75c180e2b958f59c1ce0cab6118264a8c168d8b3
SHA256 9f613ca22bd3ff1e297117279462ff1da032a66eb801cb3ebd0e585a6a0ea4ff
SHA512 91dc5831ea6278af236c17b772f7f21b543f456b5ec346befb9f8a16556530b6f46d47e81fbe400481e119dd1892f01fbfa8bc6caacf29f7f8c14ce7258c3f0c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\3A5453C39FA30A8986EDD018B3F5619A4115CBBF

MD5 81a4373fb869003e0112ff248dd96a31
SHA1 0cbfbabc81a5029bc8dd57854c70caafa7430fab
SHA256 58ca28942f950447ac922bc2ef4bd2d5e6978788e5312d87ea164976ff308968
SHA512 612f40d301f75b9ccef2a7513b06c7b7ab1cf22b48fca2569b2675646b4f561116e0734605c412cf034152c18edc3d3fdde308a0eabab502a55ba1deb2b57a6b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\targeting.snapshot.json

MD5 1ac13b343d22a59bcf3b6b0a4eaea751
SHA1 fdbf4053b2bf7666d1480c7c073dd4bf797deeb0
SHA256 a6624eb655aecf979e88da32a4246c29ed71869b659c8218cf489406108b07a1
SHA512 20591fce2448d5b1ec3da0841008a762ce0f448a20e4c025e4b20a27b9250ffbd68ddd71386ced6327f81bbd3a5ded17d00b6751ae9a04524b627721497af4f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\search.json.mozlz4

MD5 028e0cf6b83e5e2d9057f60aeb8244c3
SHA1 17d27c6581ab4ae5a72984dfcd62c10bc42df148
SHA256 a0e37d4e51aabd99735b307900ddbd634b5fcf77d58a6c417c35de53d9099613
SHA512 5041d8d37d5abc271ad84913b16c4f8d4be87cd380e7f658d6745fb5f8746523ec3acc00cce4031e3fd535bc2ef5721b5a4a4ca6c730c41149a05764ca5c7392

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\399BD45BE3E7C9D27AC54C6F0C6D82E58619F9CE

MD5 d9ea7a04ee2b8c6dea7a943b4ad12df5
SHA1 87bca939f180a04ac93df8e9ce57fc3a22110b54
SHA256 b14c8f50882d732aa956cb7b90e900caab86a6f843bbd554b190c1e90616c094
SHA512 45f8c0fb770fad7faa5ab47efcb35366329eb31fa53acc123c58982a1bcb42c6692eae9b32c48e65c2dd70154392d0ab805aa10d18ef79ff764057046c44a474

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\ABBDAEB0F9E8C444347D067D9833F38423C63778

MD5 e4f9a0d0ba7acbdfd0898b5604778ab5
SHA1 19af65e984f02be8011859ac3dbafbd9543a7417
SHA256 bec5dcf04b7d80b2d32938f88666a6123a22b61155a0d495c7b430c31cd0a89a
SHA512 42b6d609dc6ff64c05cb0b964d5bcb456fa44c80d4b48bb479959b12d23e3ae9e4fd3ac49f5603ee23181d08db7c3f7b95899bb20ee11e14556c3d3c3fe08b48

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\ED71EC6B58A38DE06EE6954AD522904F464C6F98

MD5 cc3ccfecd8a7aaa92fb39e4125eda461
SHA1 6935f0a1ff9bdecad85ec7cd0aef8e07e8fe5180
SHA256 dd6d7319f3820b5653b82995e2b19c5b0d548e55e5e2f0bb8fd26a55cf7532cd
SHA512 0294cef48c77ea9ae4b8e7556bbc5b63ece06c568d71f21cc2ef87cfee7b9003cf40439a2169db6adb1012a68198d5cbeb05fb06de3e548d77de736a8c359895

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\8D88ED7A6AE6A02E71FD2DD47EA93A07FE680FB6

MD5 ebf3430ffcc8f26bf077a1385779d907
SHA1 0a033e4ecbbf007e1b918a44cb8ce5eace413786
SHA256 56e2e58b81b9554a30f775b7de3a571801658c4389d4aa7c589fe3456764f1c8
SHA512 bc6011640e8d7022b678070515070818cdf1da790dae419f79760ad90d3bfb568ae62391e15f1a7b06530d748e59aa61a5e07a1dbc331f45291c51ebfb08feed

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\EC2464D6A6B901202DE1C3EFAB70A4C4C8D0A851

MD5 9a04f69bf1976716fb64ce66c95f4bc3
SHA1 793a4ccbba658a8141ce048612fc4dc6f70ddcf5
SHA256 30f2a43e1e46002cb0f15d726b03ab1d729c9802ea28cbe10863e2f37c7f6c6b
SHA512 eeaee57d0b12b8931a35ed629f47b22f020a1904062acaa4445678152c216d3c601ac6da95fbc0d26efd0342b20c630f7fd45dcdfbfcc7354629f79a839edac5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

MD5 d1079df2e5e92ef67a3cdb0a8f390ec3
SHA1 8b5486a94d3a00570e98b10a2759ba56cfecdb12
SHA256 a7e1994602432c058db998f4a2bd7507d960c91d56d472f93f35cc19c6264ae2
SHA512 1b93ac2bc456b08621be3e00925a4ee8f443933e2d14d4feea5bd65c1676076d7a3c5c8190f3b86496acff0ed1dae49d0335d663da3b903d061d6a4b34e09556

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 9869a506fbbe9cecab612ea74cce2c6f
SHA1 226f94702b2c9c328985ead4d8c4ed12306d60f9
SHA256 3c5ba23ff3f2739b0052f20d48479043c4e870e2ac9bd1a2f2d43d3509854e46
SHA512 2d20e79ade4829530f8922547b021d2eaba476fe8638076bc224de3b5d9446cea23d0d4720cd7526acdfcd76cf37f018caada7f9b072e05bb21a2074bc14c378

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 8114bb05f68fdcdc929e27e261f5ff4d
SHA1 087e9ac986643a3a9af1e7ea0dfd7c8dbc3f96e7
SHA256 896db0365d46d12b3a41a3af43d5d7b68d3342301c494510ca44447d4b81edba
SHA512 95c731b94458c9b641e3ebb4e78b985338d426b62179477773ea0d18e3ed7837016a438146161d00a01b684b1734e49f6efd3bec9a30a2e7390c6066de3ccd01

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\80E9C363EDF44BB80B2A71D4812C461DF573FD24

MD5 b6b746859415d82c9cafc814a15c0f78
SHA1 ffed32b61996b9c3022c36080fcb5c29c61643d5
SHA256 ed297079e28a9eee5b7892d99873aaeca07c2822eecd34349e699ad82ae90128
SHA512 ef603636f47fb13bce3a0dbcc29f113b99637b9350d26a730af0a2f75ef00d32fefd3aa2089c8b4c2ac17660f3b6f888d54b7f1511fed90c0aee25af192e8e2a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\853A583AC6798F6A9797867D8E654B21C0BDC15A

MD5 ca44444871fa6685f4414a9fced23ea6
SHA1 527e66cd0df207e9482d904e64876cfd46dc4c95
SHA256 f89c6fce8cbf7a5acdf98e36dec5a28820f3475c73743b3c29e2b013ed051060
SHA512 046be6fbcc8213d2f63c448c58e1fb483ead06b70cd2fbfa3f89fb922c820428d1a03605908ed3580e820f7e4544611718451e8eb0c6f5bb7b9e04bd1387bfb8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\1AD355F039D16630307D2A433D698024592FD438

MD5 0c9ca1f72ea6e92731e9f2f96408c893
SHA1 2a3a0a76b3554587a86e410076670fa6ec887937
SHA256 92e8bec43a04b75cca4e30895d7026ffc1f835a8c618b4bacdc392bb59fdad39
SHA512 b565aa59525c730ff1f6ed98d5b650a9d2c056071820cb8afd7d43e48a9fa4de98503ff783f65cdb27771254ea32a9bec19c43bab73c4c936bcf4b29b8fc6d4a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\FC83D10AC56B0E7C74A0CF06362D08CCB58E9318

MD5 8472d2c5a841e30b49cb03767f773acf
SHA1 7c91808f1eac5cdcc1daaad2155d5a7ff8b2a8fc
SHA256 c20032df6959c77e94b4272b6a7e77525b5b843ecba2cc97393b09b665bade5f
SHA512 77ee11544b357f86b89fe91ccd719cf02fc672feb8ffa3dedcd585e23ebbcee32ef74562fb809f945a0fee25e57bd249c82ecf3ad62cf859ce185a4cef16dc16

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\5EA79F486C2BCF18D1840E7C03C6BBD2877645A3

MD5 2c035fdfb88d76746bf76035fe6df515
SHA1 70c51ba2742a3144fe19f7ced03ccf92533787b0
SHA256 ea17cd46cb6dd611f1dedb4d3980f5aafbfa9437ad5525134d5d3cb2ab10e7b8
SHA512 f21f758f24ef80ebadda3c109987dc6cd1f81b48cb3b3c61b5035a62c701f2731ce48075f3b9e702a3b6082793a790e4224725dcdc031267a2e0837c96c04f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A701FDA4921503474622E0AA39850168C3ACF5F0

MD5 156c6439058427b2a1b63b7a711b2738
SHA1 a34f0fca7626fd3888a69ce42a868566997c2c3d
SHA256 4cd595aa231ef9de3e315c2a872a92674d041ff284ae4fb7b31027c1556ecd02
SHA512 ed149659aadbf2947d79aab675f575a10fd6603cb784c51da53d5d2a00d2e2ba8b6ba48c266fd26b80a3737ee21aec5f96766a474aa3019715ed39dc10716273

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\7BA24EF10F41C19D07D8819FFDCFE241ED0F1A5E

MD5 5f3299711817fbf3016b65f2f77cd232
SHA1 f6c3837a82b1d8fd808876014bfc2d66ebf05fdf
SHA256 58a9557fdeeb7f881e1fd8c0c371b146f937f8c0f6a37d2f6a30a423d14999d7
SHA512 59649730638136fc7f60cd900deb6f25493ef99726b5cf64355dfc33bd3a803cf63be9f4c4ea35932b53b69acd4f4e1ddfc4d8ddbad86b7f62da2b7602fd3714

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\78947EE8D391500A4BA092B1DEC484E612C5B38D

MD5 d3fabc5836b8fefe097d8f3166592768
SHA1 16613316cff75c9f996c92591aa2fb9f90dbcd55
SHA256 c2996b3363af57bf994f96f96976c82cd5a4a02cafada8349eeefdecf487d710
SHA512 24b50c0012ecf4958d766ef62d3e8063a8b7c37caeb993fb43fd85e0fa03b139ec98e3fe58db059e1cf4eb223b746c55d68715e2a678a9d8754dd1f0f275c1dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\DFA81F4F29B88DFE84D116D237B85B1D3362673C

MD5 002c486057b49b29117f31d65be3105f
SHA1 9db5f4716e8c0c3bbbf6bd64686e212a09bedd0e
SHA256 36132c48e1949df43825deecbb5433d8ab33842880b29acb62548f361f7a3946
SHA512 601af499c567ba50081601c1f48c7cedc37a7d73752a927be1da03c4277af66dd16ee50f2d7cf56dc7106f29ecdac0cc51b1cb3fdf67de1108f2f54af1a70eec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\99C6C62927218C3334AC4A56CDC07C5BF17098DC

MD5 e5197fb4e457914cd8af994977e92fa7
SHA1 e4f231b6c17ec278acf65c1cef0deef739465c97
SHA256 d2c4621a75e13cb2f921bce3edb0eb44889c9054056d4ac8f3741ff012018767
SHA512 cdab581e998aabf2042635245ea8f6182dabb15bca33fbf64ca488fcce994966e45fb97fbeccf86c545d59242914403aab98b1bfe4f3537eade8ddc1849b927e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B09B9DFF2D047FFA2698366E505E4946D5EFD953

MD5 0b1e53fe5a3f2cd2b002d31838f047fa
SHA1 3567f08345916f17c7556a69de2e08b6f916fac3
SHA256 d2c6c9afe568aea8e918b3078438e8aa79e2714a2d3c08c708bb0033be876751
SHA512 e17212fc290940850c3cb375aa17bbae1aac30df8b24f5c7c42873a2160d26fe245f5d3880c9454b00a493e064d0229303e8d6e957c39df32241edbfa9355a99

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\AAD19BA69CF1980D1395A81FC54B6A104A7AF60B

MD5 952e9fccc7a572e7b6842d2fce96b109
SHA1 5337f5952dc9d926e99b012cc1c007a6a577368b
SHA256 af800ec21700d7822da6725048e9021e7d4b94cbcdcaebf21fe22a8e1c9e32ab
SHA512 ea4b24be182021727d6a50582a98129e554d9eb0eb311414852c695d286cc4d6e69076eb38afad4ee2e42216576c3046f990113231967986f567872f54bdef57

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\9ECDE3BDB7D9B24F46378B5F48DFB843F45825DB

MD5 ed5025bcccb6e8774bb0c4ce3590a714
SHA1 b4f1cf18d8ee112dbd3db9077276a1e099f2f787
SHA256 b5b4b55efaab2eeb2710c95a0e4ca51ffe54997d195204abe05ff07fefd50454
SHA512 ea6abe1c18cde0e742a19f8feb0ffbafe9f779c84d11712d7503d5141693010dd0e20021bc6b09bbbbeae2729709a5e651e6acfc70063f5141b18fa854ffadd0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\7C921169AD3F0DB05A9DF19F11E636C1D9262BB4

MD5 8a90a2c081d1408b411b7d281a0f8525
SHA1 ee6214d0798f47fee3ba960e93982a678c3c735e
SHA256 9a5f42840c2b06bc77994e486b4f850b04d4199a0f1a807863acd72ff916a671
SHA512 1806038cef1f602f7b6237c862ba9a665016a7b4afcd6593f0d5c84d58edac094ce49f12c1fdc053f1e09f3fea4ac70241a77d3d4bfdc1a36667424846cbdc8f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A1B32634122F21F815708487E908093D2A2895D9

MD5 837d58f36afd950ae59c2270fe3bf7c2
SHA1 94135861ed334e7d3d986f8e89aed6f617357f0d
SHA256 8ea22beb9cb113db6d300a8fa396ce87ca76b1adaac4a63bbebae8798cfb5a38
SHA512 cfc2db20c03d353e97a9fc48fede6bde660880ec1d2e1ef87669cf1e18da5a434f91aafe140837606d9137a9936902a5cdbc6bdcb9712d332f17d852abb1e92b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\6FBE6666A9FAEEF4F02207B214BB4E3DA7B78EE0

MD5 eb2fb09e62420ed590a080695b8112c7
SHA1 84843b21915e034ac94a1a4d6160c914b170bc34
SHA256 4771d354c087a861d9816e9ba3a26616404f842be5c2e36e285692b29b49757b
SHA512 973874bd07794967730557fa01ad26c6f8934a48b894b3c7e713141ff6a5f1256927c97101e5469d564ead4c94ffb73ed82d533fd168c809ebdf52d7995ed9f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\0B7201106BA06C7A4E6F7688D8BA31D4998FF508

MD5 51104224a7915b97a13a5de305374778
SHA1 cc63b60cde1b6f599a6d6c7cf635ed194ba2c669
SHA256 efbd28afedc1a7f55fc994da8d191a2ad98a9b65c70883d32f67373f5d078ba2
SHA512 66f0f3f140fe0f1c002723ea6d399b9e21853caefe5b6de9283f5844054f0683c3633976bb8bcf07da72a96d93d3ce31bcdf1286d5cf7a2cb8b41076a42ce30d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\553FA244A14AF093C88B84E7B7163A644FFE5B1D

MD5 7881822b1e09ff30effb93d5dff2b537
SHA1 59ae434778a701d60510a3793ce3a498a50e436d
SHA256 dce843f3b7c0ac2a42006ebd3fc5d7e75acf1d06aa4c9fc349934e3ea62bbf54
SHA512 1fa3699ceb6f245e6b12dbbb6fd56e38798f5b296f225a8edb677e5b7d014c1bb688539535340ef9c9db2d35b9ca1a9c0377a6c9930684c0f52d2fe718934854

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\1E8ABFAD24B5E76F5A320A06813E2C43336D8663

MD5 ce366bd98adc1ef3fb3b0a4f2f5cf703
SHA1 cdd3d06a9fa4045133b09af5f3036a0c2c4ae22e
SHA256 014513991eaab84e178a613297e2d7b80dfb5b1a8d2644359211cfa52dfb8f37
SHA512 acae7bf4208eca395b0ef1c55d7c4df234bc4a861196110054b64c5086e72f91c10d7c0ed237f53d8f7ca9918fb979b3633fea75e29cebe7b0f2f2664e67138e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\C8148C2D23C747411D79A2252AE0B932FA6954F0

MD5 21c9b307b475250f1cb8c23d2f2bbba1
SHA1 e27931ce85c8b0d7ca73842cff0efcbc5d4304da
SHA256 f70d2a94e157232873498583b891746e837f73d832b654fcbd6db8172fcc19db
SHA512 71bbb8fb004e4315bc6995d30f03fd0de56582bc6678390919815b7ebef58de2adc4a27fe06458e2e5d63620aa585dc61cc45ff39751373c6793349df7a51e03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\400809978273CDC24FFE4BCB04C3BDF564B32E49

MD5 2bba63ec878228e0c9eec8f1470a8d4a
SHA1 7d59e717a2b54d4859664acf621dd021e062c3cc
SHA256 ad0370ac90918070a1bc57d7cf2ef23c90b1853d91e36c0c4f36e713238601c7
SHA512 c63c0b6ca06238b4b0a813d47a4eadd64cda8b67b50a9211e91e4a510f9db48333857ef5f9fa9f2f907ab93301a1a249279ce85367cf20c7ea9f3408a9ab32c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\65E174F1C2940C970D61DF4540A512E734168ACA

MD5 26e70a0067b489000b286caa502ce0a2
SHA1 9cfe6e2e1c272e08830b96ef49f2f66174f0bf55
SHA256 bca243a0480b887782f5e5cdb6c9fb4f632f5a86f9073fd6ab33189d4749780e
SHA512 88a9cd1bf5f0af98953d5d0ceb1da81a3552c8f4a25dbf28ac34236b5cc97bebc79c31bf5e357b5f8a0a494837dde66100deadca1a313c38b0e5ae8250776f6a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B4D33702599CFCF728EDCB94B9D371DECBD25754

MD5 0bb3231975cd01337af5cf7dda46dc58
SHA1 fcc0c955f9dcd85c6c0d998769c8e001dc392c17
SHA256 f1e9a4ed89246d7a759d3505edcf2c20c18988a60e481cfc336b949bf593683b
SHA512 c95e3d592d55898c1f86e548ffb35bf50c1e57357ec3c5943409e62226ba188be199e01c342f487ec31079c6de876d688697cd8ad4ceee26ef6e9144ac0964f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\53DD2E5C47152791460A20F66D6D7228FD3E87A7

MD5 ea52e3253673c2fd1a025cb6820dc178
SHA1 0b99c719301c5e201526dbd225ae6afaff1d4558
SHA256 4024c5eb078e9fd8b4852ae2ae018bb8040cae928ea52161a4b74415b250322d
SHA512 199be391181b2516f7a8127458185b840fcbb0d89ddc952a388656e62f04e144ad8bec7183a9c966459e45a8a589a227d441ca9d9d91c7527ad5a0efc74c9676

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B032CF6FE0B55975F37E7164085886765F541E1A

MD5 902221bd5ddb400da546fd8230a26cd2
SHA1 cd683c550ab22de5b1014c5a57a35fcde3ef4eb6
SHA256 e3c189f5d9e078055faf3e865bf11d62348cd2b2b009184cda201b9fb24decb8
SHA512 2f8d030b13ee946ebf3b11f02fd29769c5d06782f18564b3b5f9a7c1fa6b3b19a615b89ed191662cfb7c2aaeebbe11e25017ed56472885a060aab62b77e70e96

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\F994FB7090EBEA8EF0903239F57D7465979256A3

MD5 6c42202128aa18ca58cf821fab2434da
SHA1 ef3438aa369218c455acd3691bab0c9097659240
SHA256 708023a99b024d709ba78e3efd8ef01e2e4ba4bb1c4c9d1054b5793ad8b4943f
SHA512 9428dc2548e202fffbf4848bbd3eca5969f0127c32689ac5a5e311b7f5f00132ee3094658d8b6e4648e5ba00fb7033682bb9b0b50bf39ea52b59f0f209bc36d7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\25222CB7226D2C966B550A8621B8B0572C03BBF5

MD5 31b5c3acb189cceff06ab1671b5a8dbd
SHA1 dcad24f7f0ebc8670e6013a5a94b376b2c8d1a39
SHA256 a77f717b2b4ce267f632c7793f61906e0abe6cac2ab7be8a1a678cd38671efe8
SHA512 77a70e370ba94b74619e3c21d9f3f2b43d3028f83f26aba3a32f9d394a23e3883504233068faaaeade0946c317872d6fe10c3e09d9037e06b80d7089b43143ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\DECE5D3EB6BB4CEAEE9C736EA46540805C0D347E

MD5 f30e4a83386b7261d798e1f86f314291
SHA1 14d82959180079747ba0d55c27b336eee835268d
SHA256 e6a67ac63f09e60742998c985d2156978599b9551232bef3dd7a0039426fa83e
SHA512 425d558256dbf0dbabfc6d976a0e2c231091609d381a6ed796964c23bc69789f4c31f2af67200b287cbfee79e773a3ab650403b4c3dd7c96c4ec5ea2763f895c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\E8C115C5CE1D423E4E933678F221A2539D11DDA0

MD5 53d83233a60171762519e26d2dcec01f
SHA1 d0b0e23b1845f187883da95a476ad201f35667c0
SHA256 9628e62c353936088086a0e49d7dddea093f353738ceabf179c9f946627406bb
SHA512 aa36231ce385c802a833370ad0994e5bf854ce6f1cc0410f1d5c605d8ac6e8d378f1d8722982d15502e8677026b56076289297f392a0b005b67b27d414324a5b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\C13F0F42016CED11023056199AA05258295E8B6A

MD5 035e769570738df8a5788d2ff6a2b9c6
SHA1 2f60d6df32e86f6d0818916652e4f83ed9003f29
SHA256 14d0c1847fcdfa5f2deaa440702b1bb15583dd5f71e17112cbc2fe0af0d9979b
SHA512 7dc9790d004e71b18d9fd0bc2d4d2c501c006cbb37c63c111d09b1782a6005912cd95bdbe156b6f4c1858f7b53f72f2b0388c2d886d2d4c81d74a95220941772

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\42FC4194BD1334E01A1295892DF638B55F071D2A

MD5 5f16956e86516e2b880e2db1244c281c
SHA1 ee93996d51c4a10688983343fcd8b73b7c2a91e5
SHA256 733560d92b7e5426383cbc9059eb0dd6f9468520351fbe7677f6b49600c4bacd
SHA512 248310d8b92739320a1327ef055cda81550eba8aede24d2b7ee5c8e1ba8404dbcb2815ab9b31fafcc2c38b7de21ed34898e2fb5cb6ce3a1dd54ef8a6d5c21159

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\7D661694CD0165383F47374EB7B6B23D3551FEB2

MD5 dc8307e80b0a45ef01c99385e3e18adf
SHA1 fe19ef501f5fff8bc7337a4bbb78b3cfedd9b8b1
SHA256 2fcfed1bfa6ee4ed5b18de2fb9f107173ac412dd2661b903ecad40e4adc45d2c
SHA512 c2e12977bcd336aa7ac2555c0e2fb6b219022f89f6718c06d44e54f4384fcaa9c0f6178e440ae3021a223dff5777155bb76901f77e7cf7f51639c84c64c07122

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\90061A7841A11BF0A618383EF8EACE0C8526D977

MD5 7d39bd108aea8d5967a506a01a45a8de
SHA1 716314fe01b231318b5d61a6554fda942f7bfd72
SHA256 1feb3080ba724581c6219f2f693da1a7b0a93c49716edd903952a6a763a2d6c4
SHA512 48366472ca7181d0da81a05e4c430c4e300b1ce1b467ac11fecb42a8c808ecc71cfd5c085635338809ad8e86a7523cdf298ced6e30f3651f42cc020df866fe26

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\9A4BB0D002CB2B1D132C8A531627F929D703B965

MD5 c1959d7e0dde455641b23bab5c327e54
SHA1 5a603a869259ef7cc53bcaf2241ea75614cf765c
SHA256 1624a07bf7287c194d89697b08658a442b69576640db9de009fb22bcdbfcf14d
SHA512 278ea545626d2dccc6f96aebcce08e123219836dc82198c6ef7030f08b1866df31987101077bf12d37bbd46347a4308dc0bdead4373455dd6fa34d3c11c08bc4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\D760F2A992D3B3E3C6E767A8453BE2FFA1B2D907

MD5 c97ab7f0053fadc81557fa47f062246f
SHA1 c955a6a551520c908d9cd202e8c1a675710c59f2
SHA256 9785a5d7a6b851534a44eefec1b887346cdc01ad0ffb09d322747f38bea5128e
SHA512 66de925859c85c221eb963922ac06c2f467646bbba522ae524ab4f89aeb3bc5a6c25703a238193321a3af5512195ace8a681d415a268f95ee71533aec2d54b3f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B9A640EAA33F3237447E18A7B5FC11B21EE2D532

MD5 0350b2013d41e473450fa289adcefd1b
SHA1 f1552eb6052f740d7d96e2b69d5406fbbf8292be
SHA256 5de3927d1e35233245a614c9cefa03fc24653fbf501c67557ddc28ea93980be6
SHA512 91a44db7fdb4d0bee0ce56f579f0397314ee52985597167c5e448b1adf724f8b5e296b90c1541f58d8cabe0a0796e291363b2484a1abc0d082920618991623af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\6EACD520F85D3146D0415546656F1EEE5A1A1992

MD5 261b5fb422aea0218c8eccfeb7a497d8
SHA1 af8aea1b01933107d056e0648418b8319c4c0f6e
SHA256 8390653a8af4e604f2f77c888401a60d8111ab3a18ad5e90f759869d61135cb3
SHA512 1b0914caf723d7e96c50d01fe62287d74e54651634b8a78002405a9983b93049e2f2d96df485bf05ddcc1ed0aa5c50727bb9bba068fa047fdd4760edd8c6e084

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\0EFC382C918E560DEB288D302665494048C380A5

MD5 d226d5a38eaa3526ecd03b09f485aeb4
SHA1 c9c2f1c1ff640f1db6ded5001e1c8778b32be7ef
SHA256 66a5b83ceb0e00215e74405c166c13e06d1a01c27d7ee6ed59253322ae375760
SHA512 02359f1682afc4792c0c7ef3e6cc10b591e3d22159bf1f2503830e127604ce2b018d2b04e2e5cb516b0a6c3b20316432378bf6fa3b8c9478a4d4b3fb0fe082cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\1CB5784F714A88ECC8F4443714D04B514B9AE8C1

MD5 25994963daccbd53fd5b211a8d60fbdd
SHA1 9c34b4a1c27c99dd95ae5dc94d02435cdc6dbd31
SHA256 22e0187f79a8d326a9253956dd7908b7dc4effd2fe5cb06d1362293edb9e7191
SHA512 dfd31d07e922c95107634a7af2b787faa8d2b0cc8ef2434db11d51a883b10bb8dcabee795d8f2772f732801ec38f19351e860bba879ec3ebb5d4a021b468b216

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\0173D3F7C63BE5440FDD01FDBCD592DFED25826A

MD5 3771a7798a07d6c92a6db14064260f3d
SHA1 1f1b494525f307e93959e922b4797d6a366c438d
SHA256 c6431499cb89885b3d1458ea407e64a2c36cc1f8ba638457c3ad5621a8d3402c
SHA512 0172277bb83231d213aeadf68a8f21350bc1e71f8a9d4c122119596c1bf15b65937a2c00009664bf19536015241493467e10170cd0b76247f98c11ef105aedc8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\42426A81BA0412EAF5249A671BA28A4415EDB90D

MD5 5f002cb49b314e4dbb2fef6e53b96de1
SHA1 94e11adbba25585502d0583e274c341d6130876d
SHA256 78254ed2a721464c13db3c82941a0a171958796c2a115cd1ba3fc990bc1efe15
SHA512 745f8d2ca075892e8d184b76c14bacbcf3f26af5b6dadf64d61c7695b16c1d430200934949f7724157c648176d7f4c407a213c242b6e5bb4274ba12a2997eca2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\66989FAE1B0168A7319D0EFE230F97042E9DE35D

MD5 dcc52368f912fe467cd67861f919ab47
SHA1 d6d507244b5213855d4fb8acb3014cebb91ee0e9
SHA256 246dda2e8e472ad5bbab19e6d7d880fdc1ca18d43e182be5162a87ddad0de110
SHA512 a578dc2c68e5e2cc6767bfda9fd634b6b2065c590e5d9bbb3d0a44514c41d768a26b4f139e12a6c601539ced9eb8e4960e1cde7aa2af9269bfab1c35e76bf793

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A1F1B7690B73FC4CA220FF165D4BB14E726E8351

MD5 5fa52edda135a80a666cae12db70b344
SHA1 11e7bcea117c8bc40e783875c0c28b4978896dca
SHA256 c72bef31851f4e22cbff97324c66b16cbbb816727711e0637c52a1374596eeb5
SHA512 77fa37903bb7a0557c0c4d321581c58a5b71b5f30a73ba5386ab11a5502bffcc40c008483aa3ea920e8923e9ccda6e0332f6e212a132ed722afd54b9e9774fc2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\180CB964026436E70EF1CCAA15210C0D9D9529DB

MD5 3bf3af9c9620622e98df5dc30959bd31
SHA1 fff1dd1fdc620be674ef2a869d5700351c909f70
SHA256 8883606c8eb08deb73aa635754020bcc7344d0847c08c3394484c83a89aa5647
SHA512 e5f55e20382b38995c66d707ad42d35c35063202b50b2143b977143b3cc2326558cec1c865727d1fea2a9cc3901363d26b541886b4c8618f39f642d03106d0e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\3E304AC25A717CCD353DD34FFA1AE148E622E72D

MD5 6115cf0272dd34db010866a1b1ae926e
SHA1 ddc45c6310039a8dc8ee0a096727388a54bcbfab
SHA256 2f8879cfaf017c27612176b2b87175f0e2330deb96f7fa9b790336f89d1d5cfc
SHA512 73315cdd6cfd9cd1320791ed88b35c0e92a7f4716a674391bdab2989f4d82147fbc90c82efbe5a6d7f010a095ce3cb485bf41d3b87476e3fa5a0d78f872ed6d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\4B6614772EA62C9DC7E17C3EF7FB756CBD8DB308

MD5 87a3f86cb1fa61a9cf666196ff75bb1d
SHA1 df87ba2a7507595257251de8f0ac6a87ef005298
SHA256 c5c6c4ed8757bb9a3a848ed8f747f502dc3db3ed215a15cabb72671e538f8d9b
SHA512 90896dc445943cc1317c3e57dba5597367eb309222663e932f6d5c9df2d265b9eb69104c43530ddac1d8342bfe040a14ee073554cf9c833710f50099bb92ec0c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\71450A02C6C38A2BDBAA0041A2D811D2B2E3BEB4

MD5 dbc5055b85004e728f61864578490ed4
SHA1 55f2569617a7791d5ee105654169b0fbc925443b
SHA256 999fdf32730f6f3df7bc4b562d3809905322c876d4ed5519efba4ec168de447f
SHA512 fa86104e431e1a959c7ae03c4f4a15b6705e709e3ee8753f225006bab9c2d541959bb161fc928038c255d8e6c8127d76fb908c6e83008874cb0b2c4805e56876

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B56E3CAA7907245A37D6A41BDFE76EC22448683B

MD5 30cf2f96a1100f9e21b3c0f67fa4dd79
SHA1 a6ff6a27dfcd045f0e1f4ffd536b5363b6be38ee
SHA256 7214e651694df66a400078b458d27185ede52243d46bdfb306ea0eae76ea0898
SHA512 9e7342130c8e9c6f68f51e47d1a302ef42f03c0d3f5f4ccccd150ee0e4f1e4e95fc20e66dff86ca348e02106312ce3e1dfa63329bc12a0e03a1264d0d4388b08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\F07E37005475C4BA94629F08E7D7C9A873CC9AF3

MD5 77749f24ae717e0778bc4d1044b2b47d
SHA1 cc6afd983ad90f8cbf0bcd3cb84d44366bcb7081
SHA256 c890bedd34db5557412c9131a81b11d02255c89ecd9feb69f1ff5f4f69d8fa5b
SHA512 bc0d95e22ae5276577f3ce65435e744bc85ca87e1795429b88ebc4a117f81964d1cc22fc37124552595d2da3eb99d2ce10a2a56236da0a5d32ff84293986daa4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B95C96ED71900C1350E1A762797C9277FA85DAD6

MD5 9c085866e9d89e24620a51b3f624b181
SHA1 7bebb1a3dfafbfff04d7e8b5282a5524563d6f7e
SHA256 d07d4012410a6003c3f810fc85420b95b427c5035ab899aa837e7e1133f35228
SHA512 7b2148998b2acfeb8bfa97579960a473826bf6976af7684ad477651fa5b15a3814b23dd5cd385d5ebf0b702bf99c64209dc9bdadd76267bb53b5cc3fc884ebbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\70B2FA86D02AFEABC6DD6862CBB24DDC3B3FF0ED

MD5 19f668a4062817fece3b065fe78589bf
SHA1 1dbaefa33eed4521a4f94a311d79f2005bfeea98
SHA256 3d097b60035d21ba2499dad265b11cd5e19deef86b659ec40f0a05a60e162330
SHA512 ac81c6f340ff24a51ca7ad56ba3b36c6129f397884ed4257f88beed33133c2afc97c0dfb0c949dd7b52b18634da1ca4e21bf40271374bdb479b4eea8627a78fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A3645F3CDE4B7925F3875B76B36A4425AC56C063

MD5 cc367395da88aeb82bf13f7f944d7f80
SHA1 56f80a68008d43f3e487423b121bc9e0c0543741
SHA256 1eb08596a2493d7c57344b2f5e9186ffe1f34b942a26e3de30266b8a46f29073
SHA512 22c626814819fab415dbc8a18a78d2027f2c5b57959613edd9afaacd2587dc66b107b0d646824aa454f86378094682a3b438adc225f6f97de2ee2a783e3fabbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\69AA7DF6C2FAE4E526A24012714E6653442FE6C4

MD5 784884abb15275258e5cbe644257527c
SHA1 973df0270fa392bcf7514c7128235e9904beacfc
SHA256 f9dfb0206b3aea2a216ab164669c37cd05c55c317e41ab017caf2f0a8153ee56
SHA512 1400a2952c27f5af434e06fc01a362e599d45fb1067caaad4572ed38a76745ce01d8274a9ceab0e322a058e79148732e1cd1daa7abc753eb30da88bf708990ff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\D9B7605048C194F8B46DEE170FA09EAEC546114E

MD5 f0bb3656c6644ba5e8d6e5aaa1cb24b3
SHA1 9866b22a7fd266db7930cf23d1b55f4818b05336
SHA256 362f785ce86d5d12c23bb65d4519613672d3257cda1f9b1d0b2821727a3fa8d8
SHA512 98632f31a033e26c9fd48b649ebd7327918a72eb0256ff3715457823ed8a07350f21bcc79859b66d3931a5b02fc6c622d18ab910ca07c8855faa121a402cf4b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\5C5A38982F9117903129574E6C933B2CF45ECF5C

MD5 9f44768832072a276f986ae992183068
SHA1 2a0a780f5ca5dbdf78b518571b42e9029eeb51bd
SHA256 ce41b614047f185a17b402e60da487a9461ece1e2620b59dbd48f1903ef666af
SHA512 4cacb87bcb08b4df9afc0182ab110516a2fb6a3f588b1240c8187da69cc66542df5304e8f30e91a75a2e6593cd84436426ef99abf6693b43f4ce7dd483ac88a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A37AEA85B88DBAB71E0898A5761E5A4AD7FCBD27

MD5 db596178cbcad9dd57448bb51c6abb7e
SHA1 724725ae10fe985041f1d5cc7cd565e93d4ce046
SHA256 59a6cb3908c200db763139d4b8f545d6e42a7d5bad0b69d7d22ea2017aee9c01
SHA512 bda0f7b9baefed549c5ddb58697b5acb0c8a5c10546fd96eb71d8f5f66cf18297c93d4a8eec814274cfa7951f7a76069fa64e389c6ec602d56596d9a74619c48

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\C838A65DD87C1BBF31F362889829EBEF98FD716D

MD5 80e9963f64059cf0de2bfbfc160a31e4
SHA1 50cb367ae7aa4008f62bb8721a64f4fa82fd4f0f
SHA256 7104e314cce55758c108ec108c953b885980617a0b85b9930a43d748a9711da1
SHA512 63e8296e2a45b6f775f4ddc5d69fb590e4d5032d45647c8904bf2de0c38de051f0efc7e3710e4828eba790f3d80944d4d26484891bf11408baa70f1a79044bdf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\D6F0D6FEB4A9EB87540C070A66AF4F8510B210D1

MD5 90ce6060b7b7b7341da09ac4d78d0317
SHA1 7b02e7e482854247b448aefae26ae8746e99256f
SHA256 275e1077b50af64fc1eb2dd45a44053f55ba3afa8651c2590bda6f33ab5d8d99
SHA512 e5edebe97484888a4e0ebaa44d0251464a57d73762a6c2074d5ede820e921ae387cae0c1074481468788b2854890c50fb2e85824b06b3faf64016b980e738d62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\D646DE4DDA9260E08473C1297F2906D402E1914A

MD5 770d98a8d47a64283a0cf1d07b2c7f2a
SHA1 7b9c2b228590aa05ac71acd3a11e16c62307d676
SHA256 228da205efeebc4d275c9d8aaae941c120465e12df1a9509f23726aeae0aa5a2
SHA512 265f9793f362259d8083128052d1af26e95c4e9acb18b3046fc6f4faec87550affe1d8027778e6a858e650688e2f97e3ed065e7097590e8c2be8ccab3dbbf930

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\248ED65C92C45889E78B1EC0E84E3C39F1008680

MD5 473863000f92f8e7d8257b7902896a33
SHA1 c511b7ceb73cc61e8505b170019e67d8fc508d5d
SHA256 4c1b65ab9b9298b5fc903df883b9a4bbd359a5e075d4edb9eea43fe21f3f89cf
SHA512 fa8e171e269003f2d88947bff574a7726a7e1f845a077cca8caed5e44b60ccdd35ea4667f2b66b0025200dac4394a478d4c701701f4ad4a8bf7765314fbe55ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B349DC06BF2A61836C0F0BB79E1272DD04561FF4

MD5 c08b8105298ed8bcd2cf74799ed8477e
SHA1 3980d3ca264ee824949737429384fbc05b511547
SHA256 c24cce74471b1cc2a5a3a359c5d0efb302fbb4a6e08413ed4ce2e51112fa646b
SHA512 cd208fd3902027f0aa9c60023013bb60483809079292d9d79e593b70fedd676f7f7406ef0226a73315f8203a2b99169e00c00e54628f1905abd624629de5ae1c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\6E704B6682B2404BF995FD6E2EA90B03691B0922

MD5 2a66b64095a7f12f23449d878e92ed6e
SHA1 3095da49b542d5222340ef5d6dd4bcc3e0f2218f
SHA256 ac741311e276105389f12846d475130edc031e61833df6e557a994af9ab67a19
SHA512 a5e3768f14c55beeda9ed29dd70bbd1a1119f81e54563173ffabed63870c9e2965f368f9607cefe5aa67338bdfa3925aabe732c333db23fa7429c58fb6bc4513

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\44A77B9B340D5E57B14039789D2F6A443EC9C79F

MD5 d2a15ed5476af5f1101558d80274e8b9
SHA1 38d3a4f02437ccaa03ad384f45f1d369bef4ae89
SHA256 3e3207bb0941d8dfd594d2a06d8a923746650162a39172d1a1467b76649355aa
SHA512 b7b6e82b29e1e86fa734b1eea4c002d9842c5acae83f26534aac903f1600bb4f7e812909cbcd14ea0aa2aacc710b983c32b72b7fdc343d620910fb45413ae741

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\EF1CEF7DD82E6C4CD1D35FF18355C06041AD6F72

MD5 50d7afc5214aa43997e9618e51587bab
SHA1 b7f0794c8440a36088392bd6fe2adf15252eba39
SHA256 ce50ee51d280b8f28c808bcdaec30cce7e32f664abb42a797627e0141b700279
SHA512 48aef83b34b3e73d5ef657d100256f0dc77997f4f0f748a13ef5a5fc60a3770387dcf5a7c3f608173add2183800aa0ddab51773a2c1770e75578c5a7c5b18a03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\02F6FD4EA68DA6E4B7F9E4B9BDFD368ED5C260CC

MD5 c5eb6314f66141a7597a1103b0f699be
SHA1 b56692460beaef998c6b9c1a0d8dc5060a562a17
SHA256 21ccd2e1c494e3a4b224788cb36be20cd2cceb76833a9d9a034e0b0a307e91c9
SHA512 a559a4852286ca69f139a951f233942d5b7c100c580e65f44df4b74cbf8e638c1ac9ea70d6aff693b1bdb93668fc8aa6149a1a67beaa115f7338a56228fa1f63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B74739E2AD9979759A9C48708C8F677ADA19AC5F

MD5 da4a2f90e9ac69c25903a48d99399a14
SHA1 7774c344c3aef0db18a072b8dfd8d36344bc16b1
SHA256 ce6944a18ea316637b2e42884f3d28f7fe25754666670ac9e4fdc3b409ddeb21
SHA512 0af3e1f8a923d1ee5320b8b7106c6c1d17ed139dca5f618c7bbbbd281cede2e7cadac96076f7be5f0971dff42e6840d1fc212ad2332fd4384fa16996091f1218

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\0698B0B88DC6816FD2260FE620869596DEC431A4

MD5 4018c2e2038eec975b20c9211b052423
SHA1 26d1c8a7f6b6641b33adb7e092b1c05ff828df8d
SHA256 9695ab31506014ffff31104dbfeffd3592105bf42aca1c6cd54bf0ad6e176918
SHA512 77471448add70036977909c83dc6f584afd5d0f29c99df2ae342f9b38310f60d453698680c29a220449485a1096104a259889527cf021ab09ab9bd029760e5f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\42917D58C04E1BC84A41700BF329E99EBB19B613

MD5 a934d69651deca0aaf8ef9933824e756
SHA1 611e638e32844178e73da7dddbccecd24134a164
SHA256 8b4adb9c92d263a55476f7f21fc01d5f8546d91b919bcf4821181e0fdebbf92e
SHA512 3b78a943c8abdf4214f9b0765c5e74b11d9452a683b400b892f9480957a343b33952e082525b80e0bd33b3e437cbf70eba98fd902daff894b4e4437b312d5e3c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\87B7962CC437FDC43B8496019CCF2CE2689910D8

MD5 38db1be6f3480be612c29d2017e27b77
SHA1 e28a7b20c170f73c0151f87ba8a3cc4b30bc414f
SHA256 bfba49569fec84cbb034ed1c428188fd84d75cf075032337caa058afa43e39ff
SHA512 9df45763d3552b7360ea86ce97128ec3a5960d89075385bc5f90a5c69d156c86fda731dc722eb08ab88ecf4199dfec493046af17acd3f96f7fbe65f5aaf5a505

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\C7BBD63A6AE6D4B4F889B2872B99EE6ADA842710

MD5 b92ae33394ed22c97188e96174d4f772
SHA1 d66f911c2aa1876cc2e6f9f8a1a9079ced05d81c
SHA256 0723c8362e764b153d33a6acef51a3b36219298f27053fc8cd4062b36785cc27
SHA512 067dbbba79106fd6fa5f54226a87e4bcdeba6de8b683aa7a774014aa4bc2fc2535488ee0efc3b0caa7e069a0c1f73962afa853b92974af63eb3261c85809fd25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\22BBC2D1C8FF7919279D2C7518A1163052698D48

MD5 0991078301dd0a3c020657a24b05a1b3
SHA1 a064db2314f8a8fe43ecceff83f425855f2a6b43
SHA256 399970152fc1039cf42b5f1104ec1b1126c8dc7d53ebd8c670c7334b94687ec7
SHA512 c08b7a8ca3c881e4238d207a9992561c873d0039577549f2033c49361b3f668e3c0f7d2ba84e51d9bc01b075c9771d59546e043b3c2a03302cce1f7b18833a36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\E16F8294AC13475575BAE887BEDD6AFE40E6964E

MD5 07e3b18cc7af15b7d0a689ff808004ff
SHA1 6b7936ac4630d6e4209a4836dbc52a000a7cbc70
SHA256 618aa6ea1eb3557c461d64282e95c324673fe0423183f4a5b0b3a7378b658543
SHA512 e6306a699a2bcac8bd9db3c1476aac27e54c75bdd70a17ca8b513d9ce07569698c2db828d41208c0de5c5f2edb5fcbf3f0fb78b9e120417fe5e4f036daa155c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\D64598DFDCBE596314486E235AD2FB47DF15FDBD

MD5 2872fa8f772edea474c690e485a9f41a
SHA1 3907f1694d6b34bc1497ed806480f666fcf6cca7
SHA256 3cfa9f114c3b5189a8ea111a4e081c9faf41a417d02e7c5d73806bec8e5d8161
SHA512 d63a877003479fe31357b93077610b0ffcd46c3ddf11bb4d1b4c08e6cb10b887c4e55e9e474c3a6c2f2d21785233b6903e817600d6102c2d7946205a7ad0c946

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A980ABF1A1A3F974B33E9E653AC73CD196130484

MD5 5f42e05075f05e517707d51907417b0e
SHA1 e1faff662e2f2cb435581bcbaa435c509051eed8
SHA256 372be2453116ebb0bc5de04fd4588deff7825ab897093800cfbadeee8c62889c
SHA512 7263bd3f80e5f62eefedfc2e519a55ea7a9d58c0908ce1f91a9ab852d16f05c829cc2f9b846aacc688d103803085e4f28767321a569b8f928a9fe643ed56574d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\732FCAF1F097EB4B2D4A69DAC293E29711A8EA88

MD5 9f45484991125c5636a716fca79d6b34
SHA1 6741f1de2d5fd1e5d740fc3df00f363edaa16ec1
SHA256 591eacec91b8809a5406538d48283698a0d0f89cfb71044204a9a35546d67424
SHA512 67a6d87174d59d9b101ff9b3863d2dd3eb6660de42692c5fc3b84b5827f89a76a9db72c711235be5f5e35da7e8a2a16cbe0264e453e368f2a63bd80cc90bbffb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\973E11C2C8318822B4901CE92491B8E8C74DC3D1

MD5 f52cda26b7b0cb38397fb16c6f6f309b
SHA1 1b1fa8cc40569eb36a6150f8ebc053e7ee13e2b7
SHA256 38c63d12a18de64d2aeb75ba09196c25f92061dd8291b24e0be9497bc21aa9df
SHA512 861712d8f831ac9d9ef76d1a109d9d53d8209853d68a96e795b65f9904bfccd366e253c96877adaca1a3c0daa2da335f35f3235c2f34fe87cdbf2f72d45ffe0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\E7A57C8B43C56A327BF9775DF0C5CEE0185D277B

MD5 ea0f5756b1ab49e589d66a4bf83176d7
SHA1 7e08ed74109b59fe193315d793362ea5a8046d6b
SHA256 a524fe1d0e23f040a5af7bb2c02b4741bebd0cf593cba5cf3b848ca317de1270
SHA512 749e046ec442bb8d345a064ecde617ddffdfc78b2afbfe9908cea0ea8619e08c24e981d4a5904fcac54110af7ff0ba161efdf12a885b7135b72f362b6554e80c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\6A9BDB0DCBEBDB1DA08891E05DB767ED868A7AFC

MD5 f76618f4163be5486a7845191793ddff
SHA1 525a5dbc6d24faf68e5b8d750570b0a6b50e86a2
SHA256 a688f724709810fa090be37ebcaf3eeb06076cf7e0d661bb96c5e7c3df616b75
SHA512 affb4b77f2fffacfa5672ff82976457a1681e6c5f2ed600c52e634171d853bfd4141d14ba9b10a1ce86f24b2374b3e5cef94454d4db3450db12af6c3c45fd0f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\5C3BEF23D199FC35F9DF020A0AB6CC2CB5244A63

MD5 01b09dfce33a869c19ba02d14735d568
SHA1 f90e25e93669e0618cdda4fa0c85165a8b5f93d4
SHA256 5b1a0d553d0856112f0ee4dbd2e85fa23aeb415d3e85b83a59ded4afcda98137
SHA512 23618b79c4e7ff7f288f932aedcaaad6e4c637a5bc0889635e68ca409f7454d4b20c4d7c8e1a05533295501df5995f91e7e6098e980f87859712a9c4dd7ba970

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\0284A387295F506E5378CF3A59DDD7F5DF0875DC

MD5 bc81ea64356439ce228f4dc41a4c184e
SHA1 b9c5dfc99f7100d02b6c72af6048c32f54c0fe06
SHA256 51c37e72a865a1b54fea6695e52ec0a1cc2b49e88453549841e93f893a94ac7e
SHA512 29bf7f8c7b0af28bd8f46a381d744294c09a6179ea09ec075b5058e1a27a5928e2ae8db01f6cf0f81775f5d2531b59a290d93bce923af07ac4ea50c9d6f75f62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\634F8E5DC134F7CC1E37C31D641C755EA5B0A7A5

MD5 f56fbc9211f9012d773726f79bc245ac
SHA1 4fa216ba96c4fc4042485052f5568f2f977f31fb
SHA256 cde6ee3a3398e01bfeb84e4c0b91600122fc1088dd0afd95fd2ef80c88010ae5
SHA512 5d4821ed4848a575bac48736d346f825e97b1afc166a1f3fca6f50cf75af396ac82763c4df8d898a1b65ee465da0f2b1298f8c88644fc42afe6b9a720e852654

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\378EEE3986CEC853B699627464174F860E951EEF

MD5 a8d773de3949a384cb96016acf70a1d9
SHA1 5299446267183371bea948d662e3b6244769e8e3
SHA256 814ed1cbc212f5235237648ea6685d91511432ee3f9ca7aa21ea0d408e21614c
SHA512 2b3f3c4bce3bb1780cff96ff8e031b1b1e0ee290b77af0cdb31e18582fb0f5ea29086d41e6a18e202a06cf56707b633a402457424ef61d9a3abeb17e789413d7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\A085B2BC431C4823509EC90A6BF7E10977A66591

MD5 39647249bca53a3acff5b0eda2971d72
SHA1 7e2d407b2fa8ce2fb327b142898e5b89be3b7174
SHA256 e457fe042a034563a3c2c448ce0c6a95bcecc0acbbde51e15b203a64883ac568
SHA512 a22a5c657a38e01e3b690462e444edc5b601dc7ba60059d0de38b15f70ae83d7641016b8a0d79808505206574632bbb6555ded127ca2325d0f83ace3a44461c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\80298D22903BDEA58089C75B62E6BC88E4F6C2FE

MD5 ee6cd9478f0a948a04c42492206b94de
SHA1 436ca1e695a47ec2d1ade8acee3933c9dedd8303
SHA256 5ea4b344f42ecb5fafe82be1aca53437540f7b10a26bbd629c1b92a3fc8efa6b
SHA512 cff91469ba3fc775264295579e940ae038fdaa01cd54a5457be1d99ea84b19df54f032e7917abf54a27363e78d0a76ce8635e6d3f67a1c2b0e0feca0c7cdec57

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\AB0E4EC089468FFA3C58D29C560F5814486A245E

MD5 704926491527f2d1761528bf949fac2e
SHA1 526c39198ced826cf26cfaac831be1c42b4ea99c
SHA256 4ecc00c1df88792e9f08652450788efff7928e077bc4e0e76eb38db4108f4ab1
SHA512 138ccf14db7599c924a54b84d54a2d505dcac58054372a786747aa53ed82c65ceea88efd729543d0ec43bb7af9eb528a5ea550ac3512bb276820400906abcae1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\4DF6748B81AB24C880234C9430A2BAB525D887CB

MD5 f4fd15e212cbed04f864c00010c3040c
SHA1 f5b6bac219fea09d0ccaec567c31ca7783ece42c
SHA256 1f83214698d4d76f70b9d0a58f29dd1b6df4171b7593bb6ba36932ad55dcdaf0
SHA512 7502385bf76df56039d80fc63911fb7e863dc74fd265d08e07f9ddaaa59c059db4aa7c75525252e0f743854b5596fc37630a0f5259d3c325cfe94deee232a83b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\9347F222AF09F8D8F57CBBE1376C58A149F9F9C6

MD5 bb623234efcae145ff59a243d1842111
SHA1 8c196fa12d9a23f8296133cc3d2317ae8e503eed
SHA256 44acb4a06d18a0df9be5b73dcc5ae54299b14284e2a197e4b925623fa477f915
SHA512 0d1d57565608a389e38bf6422903ef54817db9fe7bda43984f8c38759c5f77bf7061cb8224a54dae4527e3618e190b29bb5b6765cb8c7625d5bba0a727b0c707

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\638AC9C899EEA2553D1EEC4ED4128360AB5CCE61

MD5 5347a5304729979ef0798015c0465cda
SHA1 f9522e60fe528336789f3f7e182c78c65233cc6b
SHA256 2b9005573c6382af4b0dd4295de7946b0501592e31a5acb26d7245f6b56e9321
SHA512 6f44971ef926924b9b898bfda61d7fb78e4f8ad5ce82b55230534f98b9e55561bbf94bc9cd396e902befeec284642a4b097d5d2867cb18f66db9fea59c0a4dc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\BC5259875FBE50C17A0D4F8BE3653863C662F3F3

MD5 21a174227bf330ce16bec1fa611e8d2b
SHA1 e9eb9797e741e5455d9e20ebb2059c33abcc87d5
SHA256 26420cde2e8bedb8f1d9ab0edbdfe0521fc1c4b0671a3284b5947d313a430817
SHA512 33c0f4e07867542189c85b751ca51fda95e52bb2a9ebf9b684f92bf99e63bf02510d69be71927a83c10e5c43e8f4e256db44846c6a52f5ee7b2a2aa321c8741a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\304DC90EDABDD4CF9979EE678512920D5A206420

MD5 6f6b727dad8f3ef937b899fdf7ecdd64
SHA1 bc9d7548b444f7385cb033397f35db122c5953c3
SHA256 e40bea0019369cad27e123f5691690b940d10bfa77c8dda7c81c8ab6134803e6
SHA512 fb6be5bc3b2f58d13e150c206b679d401ad5db1499ce052bee01711df4290deaf0facdbb273d555647d8bf562314d79f2ad07d02f8eae572ceff6142889b1115

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\051153A76587D2BD274EBFFCAD5D5768F287CAB4

MD5 a018e9205112828d45c48a56e412c1e4
SHA1 831e1d2501a6d7a463a0f0f23790421a641bf593
SHA256 d22662def927a2f66d7c1b3c51a7dac667b625fe10d23ade92eee1e8a340faf2
SHA512 80884e7d19daa6176058a054a091db3c96a00f3b69c8e13f29049c05bcfec09ca93fe7ce000e3c5b99573e1027768102eb31c7419043c0ba908f43c47315ad7a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\39DF193E6614AD956B4BD876441505A6D9D69367

MD5 cf35883111ccc0d80b99249eb197c32a
SHA1 a386bdbe92ea0255391611400a06fa46c7c5fe3b
SHA256 fc1bae17f6d335445b7f1447c794e15de77d89a7bce572541d69f17e361ab37e
SHA512 d6adc1a4d63c94ec87086c5f95e5990ff3d06f3d8f2333d74595c002a515eafc683217db1f455e8bb2fa344dddb3af8087b41603fe2eb1550d8ea14e5539f091

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\E3067BA364E5199421CA80DEFE655E4B8B91143C

MD5 87295f6ff3a2d6ced036b1224a377dce
SHA1 ea40d03c5ff4ccca0c109f762df57d7fe55fff65
SHA256 6fe52190e52179206abe3a4bf498fe68dba41d85797fa65d9837c8e859fa63f7
SHA512 0d17a3b8aa3f0ef36b6f8e49fbec83c1421b15da2e99a8281322058ce36b6939f82887fb485ba4cf4c6790d1a06eb4be8ba94ce2248f1a62b89aba101635b926

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\B2AC31C33A4CC4E99B676E035F7FBAAFD70B507F

MD5 19d08c556634fa8da78835387e3d4e75
SHA1 f7091256d76fd24adcc6585bd3c8b8830dd9ddb3
SHA256 95c3fbba482168c9e10589a61dd09a2d9cf139bb69668f75cbdb75fa2425bf55
SHA512 b6e2f80e291c056143ce830201406920c9d2c64ebfd67c9b25d4d0f1c3d9971e8247e6ebd0a2ec559d00f597b1e0f0c642f9fd8de8ea718715136d59faea49f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\F1167E4B04ABBF4F1FBD1EAA08505766B51A809C

MD5 02b3644167209a19726f2a8fb0a47924
SHA1 ccb6ede6f380de26eebea6646b5931c0de78591f
SHA256 70750624817a3887daf4b463f6b6f84a6992b211930c345e2592f09fb32673ce
SHA512 28c62040f447a1939f92f91655385d082520a4c5c0a729d436ed30a7747bcfa84483b513cedb6b9a829004a6aa2f88ea6b8c33ca73a80c2788f85aeefdcd18ff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\CD0019AF6CA4166EA8333B6ED2BA05A555D3DD36

MD5 e59e28be1e3d3dc1df60b3b9da00ef9f
SHA1 f256f488fcae197f747de7476c4349b8718e2082
SHA256 fd6b2498ef25ce9e5ced18f1a73d6226243b944f9899cf438884e55ca98aafa9
SHA512 bfa8554d6143743a7ab9501d43d6e54dc456c169ab04d17ad3c93ced8a7843a0a76a28fafbac9ff3d0f001ab69e7b88ec5bd7d3feab9f8309e532d628c8a052e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs-1.js

MD5 49bed0d51c57d301df64c871dd794741
SHA1 b8af887ae9a86e04a9cb12a8d894e8e7d3cd02a8
SHA256 1a8e137ccfe39611d5e1c8fe9ace5fc80796f2c11e79f7fe880771e829d9a4e5
SHA512 f121610a26ce7421662dfa7ee6ec25e89c99b973a6d17a7f2bf3cb742945f8ea5bba487eca98cba8976bd7bd2d6bd326b0e86250f50852d8448ede105c19b863

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 6070c0a873fe58555c1d784833cf0402
SHA1 3b1eeb4b6960177c0e50814d5efe3ec9323d4bc4
SHA256 820f2a706907461267b7abb1452c874aaa385bd3d501ccfc682e643882fb8df9
SHA512 8f00699e0e38ffb95db6fe6031a73294505e1a78bac228b41aa6729f35af53311912b36806891b585c78217c386ea5830d0d5151154f6649bdd511c754ff3257

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\bookmarkbackups\bookmarks-2024-08-09_11_eGOo9s42d0LqSlX+FF4WNg==.jsonlz4

MD5 3f81962185aa138c2df5546f088235b6
SHA1 7337acba5aa3e8bd1f70b1c179d6ce1c8184c7b6
SHA256 e2eec6db65b78d493ef1a8059373a16f86988e3402b2b1ebe029af4c1032fc71
SHA512 466e916a13e4235195da32fb5ce9bde4cd22e0c93998876ef42a101e1dd499dd98d39d002db3d869c54888412ac66588c6f70edacba28a254297fde9c939a232

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\AlternateServices-1.txt

MD5 2f26abac860aed915d76e5ebb4741a9b
SHA1 d89c4af904ed1f479720bfb2146d13f69f6f2bee
SHA256 64fd4da410c483e60d0564b8ed67bebb70ed8e85a76a365c37acd528c7262678
SHA512 41ad4af11aafa0259de753708929265e1a730bd38e7e19eb8eb1fc516fa78e55d74078acc3da37e027ac6e95463ec2dbbb5f5f0889cd3d0d1f4cdfec5e446b10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fe1c2b78f35a55d5b55f8858e6a6889e
SHA1 31b396b5183f7c93898febc598a4cb52daf448df
SHA256 8884da402d0797ea4ae0029493c2dacdc65950e76ba58d68165daac141167d34
SHA512 4f425727521c8c0143f1aca8d261e536caea08dae87b521b819bbe4dd6febd8da6a3cd4b88fd91e602c3aab9b4ab4c308b5f2e2a2abd6c8f5917539d081cfb7b

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-09 12:48

Reported

2024-08-09 13:19

Platform

win10-20240404-en

Max time kernel

924s

Max time network

923s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Signatures

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\EUEDKDC.sys C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
File created C:\Windows\system32\drivers\EUDCPDC.sys C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
File opened for modification C:\Windows\system32\drivers\EUBKMON.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\DRIVERS\SET8EF7.tmp C:\Windows\System32\InfDefaultInstall.exe N/A
File created C:\Windows\system32\drivers\.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\drivers\EUSSRDVR.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\drivers\EuFdDisk.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET8EF7.tmp C:\Windows\System32\InfDefaultInstall.exe N/A
File created C:\Windows\system32\drivers\EuFdMount.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\drivers\.sys C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
File created C:\Windows\system32\drivers\eudskacs.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\euimgprt.sys C:\Windows\System32\InfDefaultInstall.exe N/A
File opened for modification C:\Windows\system32\drivers\EUEDKDC.sys C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
File created C:\Windows\system32\drivers\EUBKMON.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\drivers\eubakup.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
File created C:\Windows\system32\drivers\euimgprt.sys C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OOSU10.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\DCLoading.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\SetupUE.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\firebasefetch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunWrapExe.Exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\SetupUE.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupEnumNetByFD_0.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
N/A N/A C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\firebasefetch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\System32\InfDefaultInstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\TrayProcess = "\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\TrayProcess.exe\" autorun" C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\cleanmgr.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A
N/A N/A C:\Windows\system32\powercfg.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\LogFiles\setupcln\setuperr.log C:\Windows\system32\cleanmgr.exe N/A
File opened for modification C:\Windows\System32\fbnative.exe C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Windows\system32\is-GKBIP.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Windows\SysWOW64\Eaolog.log C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
File opened for modification C:\Windows\SysWOW64\EUTB.TODJ C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\diagerr.xml C:\Windows\system32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\diagwrn.xml C:\Windows\system32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\setupact.log C:\Windows\system32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG C:\Windows\System32\msdtc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\DCDsBackup.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-JMEN8.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\x64\Windows\is-M0HR2.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\x64\Windows\system32\is-JMDMT.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\api-ms-win-core-interlocked-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\Transmit.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-8N948.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\VssFreeze-Server.exe C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\xp-x64\is-212JH.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-5VFSJ.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\waiting\page\is-5KKSJ.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-UQA62.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-BNJHE.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\xp-x64\is-MPJGH.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-QALK8.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-KS61Q.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-BE2HI.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\AutoLoader.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\is-E9QHS.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2K8-R2\is-CUCME.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-E63JL.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-D8VU2.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\api-ms-win-core-processenvironment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\HotDrv.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\dxgi.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\innerBuy\is-QGOOO.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-JBUEK.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\UserRate\res\is-3K35E.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-O41EK.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-B5641.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\is-227IN.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-GCIN8.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_en_US\res\is-99H0H.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-KMMJO.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-ST37I.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-EBT8K.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-31EMJ.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-GV5MS.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-5863R.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\Burn.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-JO3E0.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-72ITD.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\msvcrt.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_ja_JP\bin\is-DA893.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-EHHR2.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\string\is-874A0.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\UserRate\res\is-TCSBS.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\api-ms-win-core-file-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\ChromeData.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-CDUOQ.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-3J1VM.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\backup_option\is-QSMUE.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-TBLD3.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-QVT9V.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-JA0DM.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\is-MIAJ8.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\string\is-P419P.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\liblzma-5.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-T8B6H.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\Todo Backup\bin\VssSupport.dll C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\is-81GNV.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
File created C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-VMNJP.tmp C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Registration\_RegDBWrt.clb C:\Windows\system32\dllhost.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\Taskmgr.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\system32\Dism.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\system32\cleanmgr.exe N/A
File created C:\Windows\Registration\_RegDBWrt.clb C:\Windows\system32\dllhost.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2FFE2676-5756-4F78-9A8B-5FBD83211628}.crmlog C:\Windows\system32\dllhost.exe N/A
File opened for modification C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2FFE2676-5756-4F78-9A8B-5FBD83211628}.crmlog C:\Windows\system32\dllhost.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Windows\System32\msdtc.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\SetupUE.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\firebasefetch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\DCLoading.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\SetupUE.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupEnumNetByFD_0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Disables Windows logging functionality

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\TBConsoleUI.exe = "9999" C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\TBConsoleUI.exe = "11000" C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\SysWOW64\FirewallControlPanel.dll,-12122 = "Windows Firewall" C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\MuiCache\1a\52C64B7E C:\Windows\System32\msdtc.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\MuiCache C:\Windows\System32\msdtc.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D67B84AA-3232-46D3-8B30-0AC87FDF65FD}\ProgID C:\Windows\system32\RunDll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pbd.file\Shell\Open\ddeexec\application C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45203D3B-3D73-4497-8AFE-D29950AC6C55} C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "559" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{F0E324E3-53EA-4B7C-8E78-54808F4AAB = "8320" C:\Windows\system32\browser_broker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "1437" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8d2702295ceada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.easeus.com\ = "2293" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C1051DD2-472F-4B24-B47A-06769096CE34}\Shell\Open\ddeexec\application C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pbd.file\Shell\Open\ddeexec\topic\ = "AppProperties" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\update.easeus.com\ = "387" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "905" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{45203D3B-3D73-4497-8AFE-D29950AC6C55}\ProgID C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pbd.file C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F88CC4B5-6EEC-4A00-94E4-EA48EE7E1EF4}\1.0\HELPDIR C:\Windows\system32\RunDll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\update.easeus.com\ = "41" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\update.easeus.com\ = "108" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{E5D26247-2A98-47EE-9D67-3E3F35D90445} C:\Windows\system32\RunDll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SimpleShlExt C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easeus.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "960" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C1051DD2-472F-4B24-B47A-06769096CE34}\Shell\Open C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C1051DD2-472F-4B24-B47A-06769096CE34}\Shell\Open\ = "Open(&O)" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "2286" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "1444" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pbd.file\Shell\Open\ddeexec\ = "[ViewFolder(\"%l\", %I, %S)]" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "1797" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{F0E324E3-53EA-4B7C-8E78-54808F4AAB = 0114020000000000c0000000000000464c0000000114020000000000c00000000000004683000000200000009c1e05355ceada019c1e05355ceada01c27afa4a5ceada01504f480a0000000001000000000000000000000000000000b50314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018007e003200504f480a095938682000544f444f42417e322e4558450000620009000400efbe09592668095926682e000000000000000000000000000000000000000000000000003ecb320054006f0064006f004200610063006b00750070005f00310036002e0033005f0046007200650065002e0065007800650000001c000000ae0000001c000000010000001c0000003400000000000000ad0000001800000003000000544c1a931000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c546f646f4261636b75705f31362e335f467265652e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a058000000000000006e64746e7a76686e000000000000000082dd88fe5c4e9049a366c23e19a8eb0e61a5aa1c86f2ee11b03fc65e46bcc2d182dd88fe5c4e9049a366c23e19a8eb0e61a5aa1c86f2ee11b03fc65e46bcc2d1d2000000090000a08d00000031535053e28a5846bc4c3843bbfc139326986dce7100000004000000001f0000002f00000053002d0031002d0035002d00320031002d0033003600390039003300360033003900320033002d0031003800370035003500370036003800320038002d0033003200380037003100350031003900300033002d00310030003000300000000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d000000680000000048000000005ffc38000000000000d01200000000000000000000000000000000 C:\Windows\system32\browser_broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FCA7DE15-8A25-40FB-B23C-1C55DF71FF0E}\ = "EaseusSoftwareProvider Class" C:\Windows\system32\RunDll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{E5D26247-2A98-47EE-9D67-3E3F35D90445}\ = "VssEaseusProvider" C:\Windows\system32\RunDll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C1051DD2-472F-4B24-B47A-06769096CE34}\Implemented Categories\{00021490-0000-0000-C000-000000000046} C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C1051DD2-472F-4B24-B47A-06769096CE34}\Shell\Open\ddeexec\ = "[ViewFolder(\"%l\", %I, %S)]" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "2387" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSh.RightMenu.1\CLSID\ = "{45203D3B-3D73-4497-8AFE-D29950AC6C55}" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "1112" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1112" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easeus.com\Total = "2744" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pbd.file\Shell\Open\ddeexec\ifexec\ = "[]" C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe.de70d7u.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe.uut6h1b.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\Taskmgr.exe N/A
N/A N/A C:\Windows\system32\Taskmgr.exe N/A
N/A N/A C:\Windows\system32\Taskmgr.exe N/A
N/A N/A C:\Windows\system32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OOSU10.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\powercfg.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\DCLoading.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\SetupUE.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1524 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3596 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3596 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 4132 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 4132 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 4132 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\AllowTelemetry = "0" C:\Users\Admin\AppData\Local\Temp\OOSU10.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.0.1201492740\1454402235" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40fafa3-7cb0-41ef-b4d6-8c69d1949cc5} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 1828 237910dd158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.1.1721383723\1713267232" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0ba6ecd-a365-480f-9583-8a5f81f8da94} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 2184 23791005c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.2.1069414541\1003911890" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b01071-aaf1-4443-b744-8bfaa7c6236a} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 2872 2379529ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.3.1265275040\1632939944" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3500 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eadc79a7-5fa3-4dcb-807e-0004512f65af} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 3512 23795713258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.4.1895193468\27151796" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e39367-5123-49a5-93c2-485287e3e873} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4224 237970dd558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.5.170738878\501245271" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4776 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43dbaf4-d7b6-41e2-924a-c33aacd58a6a} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4740 23797677558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.6.204233113\2056770278" -childID 5 -isForBrowser -prefsHandle 4940 -prefMapHandle 4944 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {350b214a-4f23-4df3-bbb4-24756f18bf67} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4760 23797819558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.7.43128784\190277380" -childID 6 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a2c1c28-9df5-42ff-a394-b35ca0d1fb2b} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4728 23797ec6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.8.1060028347\2056734530" -childID 7 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 26641 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac06f09b-1f29-4669-894e-86683f315d12} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5768 23799690a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.9.1320663790\1265489120" -childID 8 -isForBrowser -prefsHandle 6168 -prefMapHandle 5880 -prefsLen 26816 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5512e82-4a0b-4a4b-9447-d830f20d54ea} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6176 2379e227e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.10.381743476\28162783" -childID 9 -isForBrowser -prefsHandle 6248 -prefMapHandle 6252 -prefsLen 26816 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9b30ab-7e1a-4c84-a589-a6fe1a442bb3} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6240 2379e228758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.11.847584250\321769648" -parentBuildID 20221007134813 -prefsHandle 6432 -prefMapHandle 6436 -prefsLen 26816 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0625e16-111f-4dbb-bba2-ab355f506248} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6424 2379e2d5c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.12.828920952\402073851" -childID 10 -isForBrowser -prefsHandle 10784 -prefMapHandle 10772 -prefsLen 26816 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0929fe91-1f6c-47c9-82a7-449997c98dc1} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10740 2379c19bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.13.1584270698\686728209" -childID 11 -isForBrowser -prefsHandle 10568 -prefMapHandle 10560 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {595cf80d-80b9-4d05-a877-0f43944457ed} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10556 2379e218d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.14.962103585\1739794854" -childID 12 -isForBrowser -prefsHandle 6276 -prefMapHandle 6272 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0e16d22-e75b-4382-a264-3589806da67d} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6284 2379e218758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.15.1166690226\1669690598" -childID 13 -isForBrowser -prefsHandle 10264 -prefMapHandle 10260 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2860129-b6ae-4b5e-aa04-36895c1e8eb0} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10272 2379e219058 tab

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pbix0quq\pbix0quq.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1280.tmp" "c:\Users\Admin\AppData\Local\Temp\pbix0quq\CSCD95A85E0C8AF49928146DC79233B8748.TMP"

C:\Users\Admin\AppData\Local\Temp\OOSU10.exe

"C:\Users\Admin\AppData\Local\Temp\OOSU10.exe"

C:\Windows\system32\powercfg.exe

"C:\Windows\system32\powercfg.exe" -list

C:\Windows\system32\powercfg.exe

"C:\Windows\system32\powercfg.exe" -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61

C:\Windows\system32\powercfg.exe

"C:\Windows\system32\powercfg.exe" -list

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\powercfg.exe

"C:\Windows\system32\powercfg.exe" /hibernate off

C:\Windows\system32\bcdedit.exe

"C:\Windows\system32\bcdedit.exe" /set {current} bootmenupolicy Legacy

C:\Windows\system32\Taskmgr.exe

"C:\Windows\system32\Taskmgr.exe"

C:\Windows\system32\icacls.exe

"C:\Windows\system32\icacls.exe" C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger /deny SYSTEM:(OI)(CI)F

C:\Windows\system32\cleanmgr.exe

"C:\Windows\system32\cleanmgr.exe" /d C: /VERYLOWDISK

C:\Windows\system32\Dism.exe

"C:\Windows\system32\Dism.exe" /online /Cleanup-Image /StartComponentCleanup /ResetBase

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\dismhost.exe {44A77A7C-4344-4FB9-BEC7-9FFC80EAD08B}

C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\216CFA31-E900-4F5C-828E-54528C366587\dismhost.exe {0D10348C-B75A-4113-8657-41D629E01B25}

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" interface teredo set state disabled

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.16.682745160\798379572" -childID 14 -isForBrowser -prefsHandle 4728 -prefMapHandle 5292 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbc5744b-6a36-4e7c-a02b-e8d1a44ab706} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4952 23797a48658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.17.1550408149\1506372676" -childID 15 -isForBrowser -prefsHandle 10712 -prefMapHandle 10744 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dbf8417-4083-40fd-bee0-d0ae71881e88} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10688 2379bc85758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.18.2090400572\1359923999" -childID 16 -isForBrowser -prefsHandle 5820 -prefMapHandle 4808 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3900b5c-0103-4947-a4ec-bba0c82e3d56} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5808 237fc65e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.19.1448375654\2114722956" -childID 17 -isForBrowser -prefsHandle 4008 -prefMapHandle 6668 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adeebcc-9a80-4af4-8366-6bcc3c0f3a7d} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4044 237fc660a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.20.1382434524\1354629737" -childID 18 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4ba7c81-7dd8-438b-a535-e9d59b24d444} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5460 237fc65fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.21.2012626042\491178452" -childID 19 -isForBrowser -prefsHandle 4888 -prefMapHandle 5760 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a807a7a-c560-49a2-b573-5c3183e59bfc} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4860 23797a62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.22.1395271044\1248382817" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6292 -prefMapHandle 6160 -prefsLen 27138 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63eccbc-9e1a-4fa2-8e02-f9ecbeba889b} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10556 23798c2fb58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.23.1271212577\2039390364" -childID 20 -isForBrowser -prefsHandle 5760 -prefMapHandle 5520 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d2b7b0-1849-4cca-aeb7-a79b3436e851} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4924 237997e3b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.24.94274129\577709804" -childID 21 -isForBrowser -prefsHandle 4848 -prefMapHandle 4248 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c013797-df2e-4842-b120-845cc213c19d} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6048 23798b7d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.25.1326345152\32343249" -childID 22 -isForBrowser -prefsHandle 10044 -prefMapHandle 4872 -prefsLen 27138 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b174c307-af28-483b-8609-7737060e6b8e} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5544 2379a15fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.26.526821536\1044779155" -childID 23 -isForBrowser -prefsHandle 4924 -prefMapHandle 10716 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07afc33c-a105-40aa-bacf-1d02dd0f37ee} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6052 23799690158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.27.1323368989\1427620260" -childID 24 -isForBrowser -prefsHandle 6664 -prefMapHandle 4776 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81af05d4-5dcf-473c-b200-1a25708974e7} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4904 23799692b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.28.824813603\1496995564" -childID 25 -isForBrowser -prefsHandle 5204 -prefMapHandle 10048 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4b59c7-fa6f-445b-b520-42da072bbaa0} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5036 23799690d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.29.256917539\813699770" -childID 26 -isForBrowser -prefsHandle 6772 -prefMapHandle 10708 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48b62df9-f6b0-49aa-a671-13fede6be24b} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 10272 2379811a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.30.1162582250\1280528067" -childID 27 -isForBrowser -prefsHandle 5764 -prefMapHandle 10776 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d6a163-2dd6-42b8-a3e1-6bb3ad058708} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4544 2379cec1158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.31.1002336881\732280788" -childID 28 -isForBrowser -prefsHandle 6356 -prefMapHandle 5936 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e79fa44-a18f-4859-b11c-b987a28b0502} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9816 2379cec0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.32.484732287\523398222" -childID 29 -isForBrowser -prefsHandle 9632 -prefMapHandle 9628 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dde8f3e-8f94-443b-82c0-475cb284ddfb} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9640 2379cec2358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.33.1437043808\1584377421" -childID 30 -isForBrowser -prefsHandle 4812 -prefMapHandle 10108 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25381162-bb5e-4d81-908b-990c245ca065} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9540 2379d3c6758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.34.1501156565\626561918" -childID 31 -isForBrowser -prefsHandle 4880 -prefMapHandle 5016 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {001f20d4-adfe-42e2-b483-fe8d99eaa44f} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4488 2379d578f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.35.924474292\616856918" -childID 32 -isForBrowser -prefsHandle 9400 -prefMapHandle 9396 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57a25e8f-035b-4053-a9be-c25befba1aa9} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9408 2379d579e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.36.604338666\267320116" -childID 33 -isForBrowser -prefsHandle 10080 -prefMapHandle 5876 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed2e43e8-9711-417b-8d27-1f122702d5f5} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4876 2379df6bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.37.1253102903\1017174593" -childID 34 -isForBrowser -prefsHandle 9904 -prefMapHandle 3872 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c23ee26-4914-4e57-af4a-7d5a0bb777c7} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4612 2379e554558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.38.2138976801\1946992076" -childID 35 -isForBrowser -prefsHandle 9756 -prefMapHandle 5804 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {208b218f-d20a-4616-82c4-0472ae12f967} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4608 237970dd258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.39.1840435263\1514051278" -childID 36 -isForBrowser -prefsHandle 5252 -prefMapHandle 10092 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88022dfe-de7a-4440-9a5a-76e02c24513c} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9888 2379eb4c658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.40.1840628437\1177777024" -childID 37 -isForBrowser -prefsHandle 9324 -prefMapHandle 9328 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a8873e0-1d33-469c-8d1c-2f3f2a2e07e8} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4536 2379eb4cf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.41.1127739156\23408048" -childID 38 -isForBrowser -prefsHandle 8988 -prefMapHandle 8984 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2227573-9b10-4b3b-bf6d-28761f446c03} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8896 2379e3e4d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.42.294598104\323435514" -childID 39 -isForBrowser -prefsHandle 8788 -prefMapHandle 10400 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2599b96d-b129-4808-a3e4-8824e283e2a2} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9088 2379edc8058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.43.29472623\1988738269" -childID 40 -isForBrowser -prefsHandle 10728 -prefMapHandle 5820 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78690942-6152-4d43-b6c0-d924d060709e} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 6500 2379e9e2358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.44.1806814373\365273095" -childID 41 -isForBrowser -prefsHandle 8716 -prefMapHandle 8712 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f71c11-fd50-4500-8db4-6e833123f19b} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8520 2379ef7e758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.45.933136564\1099947894" -childID 42 -isForBrowser -prefsHandle 8076 -prefMapHandle 8080 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90d1c5d9-732a-4038-b18c-a61a0dbab74c} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8068 2379f3e5058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.46.977914389\756973290" -childID 43 -isForBrowser -prefsHandle 7928 -prefMapHandle 7924 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {171c0261-afd7-4ab7-ba89-cb44f52652d4} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 7936 2379f3e5c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.47.724398265\1324649160" -childID 44 -isForBrowser -prefsHandle 7736 -prefMapHandle 7732 -prefsLen 27195 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64cb734-0f97-4710-a025-7a933f4e13e7} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 7744 2379f3e6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.48.1080584914\866422255" -childID 45 -isForBrowser -prefsHandle 9612 -prefMapHandle 10704 -prefsLen 27739 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f88abd7-021c-4c16-b3fa-f761f96bf070} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8960 2379984cb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.49.1054881871\399102205" -childID 46 -isForBrowser -prefsHandle 8684 -prefMapHandle 8676 -prefsLen 27739 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {883ce49f-52d5-4960-97be-2d0089177858} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8968 2379ece5358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.50.2051084174\1146655943" -childID 47 -isForBrowser -prefsHandle 9364 -prefMapHandle 8968 -prefsLen 27739 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f5d36dd-bf1c-4465-9f3f-be7b442635f0} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 7956 2379f867958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.51.659990149\3326945" -childID 48 -isForBrowser -prefsHandle 8860 -prefMapHandle 8856 -prefsLen 27739 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dae7507-986b-4119-bc83-0b8fe5414150} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 8848 2379f868558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.52.662997135\113017552" -childID 49 -isForBrowser -prefsHandle 10612 -prefMapHandle 5816 -prefsLen 27835 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a5a2061-275d-4757-98ed-7434e4e63ea9} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 9388 2379ce06158 tab

C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe

"C:\Users\Admin\Downloads\dc_portable_ad_bing_20240809.17232083912853b1006409a12039364.exe"

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\DCLoading.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\DCLoading.exe" 6.0.2 0

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\DrvSetup.exe" "C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\drv\win10x64" -install

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe" /AutoUid

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\SetupUE.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\SetupUE.exe" /Disable "{\"Language\":\"English\",\"Version\":\"DiskCopy_Portable_ad_bing\",\"Version_Num\":\"6.0.2\",\"Pageid\":\"17232083912853b1006409a12039364\",\"UE\":\"Off\"}"

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe" /Disable

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic os get caption

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"English\",\"Version\":\"DiskCopy_Portable_ad_bing\",\"Version_Num\":\"6.0.2\",\"Pageid\":\"17232083912853b1006409a12039364\",\"UE\":\"Off\",\"Country\":\"United States\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 10 Pro 64-bit (10.0.15063.1.256)\"}"

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EaseUS Disk Copy.exe" "NoNeedSplashWnd" "DCLoading.exe"

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\firebasefetch.exe

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\firebasefetch.exe

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe" https://update.easeus.com/update/tb/config.zip "C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\..\Config.zip" 0 "" 1 5544

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe" https://update.easeus.com/popup/product/dc/exit/en.png "C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\..\res\picture_dc_tmp.png" 0 "" 1 4252

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im DCLoading.exe

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe" https://update.easeus.com/update/dc/dc.ini "C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\dc_update.ini" 0 "" 1 5600

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe

"C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\EuDownload.exe" https://update.easeus.com/update/dc/dc.ini "C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\dc_update.ini" 0 "" 1 6108

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe"

C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5CEPR.tmp\TodoBackup_16.3_Trial.tmp" /SL5="$160462,171656957,539648,C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Trial.exe"

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe"

C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp" /SL5="$304C8,171757556,539648,C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\TodoBackup_16.3_Free.exe"

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe

"C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe" /UninstallStart "C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp"

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\AliyunWrapExe.Exe /RunInTemp

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe

"C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\InfoForSetup.exe" /UninstallEnd

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\install-EaseUSprovider.cmd""

C:\Windows\system32\net.exe

net stop vds /Y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop vds /Y

C:\Windows\system32\net.exe

net stop vss /Y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop vss /Y

C:\Windows\system32\net.exe

net stop swprv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop swprv

C:\Windows\system32\reg.exe

reg.exe delete HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VssEaseusProvider /f

C:\Windows\system32\cscript.exe

cscript "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\\register_app.vbs" -unregister "VssEaseusProvider"

C:\Windows\system32\dllhost.exe

C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

C:\Windows\System32\msdtc.exe

C:\Windows\System32\msdtc.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s /u "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\\VssEaseusProvider.dll"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\cscript.exe

cscript "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\register_app.vbs" -register "VssEaseusProvider" "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\VssEaseusProvider.dll" "VSS Easeus Provider"

C:\Windows\system32\RunDll32.exe

RunDll32 catsrvut.dll,QueryUserDll "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\VssEaseusProvider.dll" Global\{41BC3D5A-1102-40B4-BAB6-8BED3294C732}

C:\Windows\system32\RunDll32.exe

RunDll32 catsrvut.dll,QueryUserDll "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\VssEaseusProvider.dll" Global\{AF2DAFE5-BEC2-474B-8DCE-A049C61119B8}

C:\Windows\system32\reg.exe

reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VssEaseusProvider /f

C:\Windows\system32\reg.exe

reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VssEaseusProvider /f /v CustomSource /t REG_DWORD /d 1

C:\Windows\system32\reg.exe

reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VssEaseusProvider /f /v EventMessageFile /t REG_EXPAND_SZ /d "C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\VssEaseusProvider.dll"

C:\Windows\system32\reg.exe

reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VssEaseusProvider /f /v TypesSupported /t REG_DWORD /d 7

C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\drvsetup.exe" "C:\Program Files (x86)\EaseUS\Todo Backup\drv" -install

C:\Windows\System32\InfDefaultInstall.exe

C:\Windows\System32\InfDefaultInstall.exe "C:\Program Files (x86)\EaseUS\Todo Backup\drv\\euimgprt.inf"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SYSTEM32\taskkill.exe

taskkill /F /T /PID 5832

C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\AppSetup.exe" Install

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" install

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"

C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe" TBConsoleUI.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe" install

C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunWrapExe.Exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunWrapExe.Exe"

C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe" /AutoUid

C:\Program Files (x86)\EaseUS\Todo Backup\bin\SetupUE.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\SetupUE.exe" /Enable "{\"Language\":\"English\",\"Version\":\"TodoBackup_Home_Trial_2406\",\"Version_Num\":\"16.3\",\"Pageid\":\"\",\"UE\":\"On\"}"

C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe" /Enable

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic os get caption

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"English\",\"Version\":\"TodoBackup_Home_Trial_2406\",\"Version_Num\":\"16.3\",\"Pageid\":\"\",\"UE\":\"On\",\"Country\":\"United States\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 10 Pro 64-bit (10.0.15063.1.256)\"}"

C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe" PIPE:TodoFlSyncProxy66B61367 PARENT:1374

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s fdPHost

C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe"

C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupEnumNetByFD_0.exe

"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupEnumNetByFD_0.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.fcofix.org udp
US 104.21.69.4:443 api.fcofix.org tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 4.69.21.104.in-addr.arpa udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
N/A 127.0.0.1:49812 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 205.86.155.35.in-addr.arpa udp
N/A 127.0.0.1:49819 tcp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 wiki.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 wiki-prod-850398177.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 wiki-prod-850398177.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 christitus.com udp
US 104.26.2.223:443 christitus.com tcp
US 8.8.8.8:53 christitus.com udp
US 8.8.8.8:53 christitus.com udp
US 104.26.2.223:443 christitus.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.251.36.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 223.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 utteranc.es udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 151.101.65.229:443 jsdelivr.map.fastly.net tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.67.135.141:443 utteranc.es tcp
NL 142.251.36.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 utteranc.es udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 utteranc.es udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 151.101.65.229:443 jsdelivr.map.fastly.net udp
US 172.67.135.141:443 utteranc.es udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.135.67.172.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
NL 142.251.36.1:443 photos-ugc.l.googleusercontent.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 tracker.metricool.com udp
US 8.8.8.8:53 fonts.bunny.net udp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
US 104.26.7.108:443 tracker.metricool.com tcp
US 8.8.8.8:53 tracker.metricool.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 bunnyfonts.b-cdn.net udp
GB 143.244.38.136:443 fonts.bunny.net tcp
US 104.16.79.73:443 cloudflareinsights.com tcp
US 8.8.8.8:53 tracker.metricool.com udp
US 8.8.8.8:53 bunnyfonts.b-cdn.net udp
US 8.8.8.8:53 cloudflareinsights.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
NL 216.58.214.14:443 play.google.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 104.26.7.108:443 tracker.metricool.com udp
US 8.8.8.8:53 api.github.com udp
GB 143.244.38.136:443 fonts.bunny.net tcp
GB 143.244.38.136:443 fonts.bunny.net tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 108.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
NL 142.250.179.174:443 www3.l.google.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 97.39.251.142.in-addr.arpa udp
US 104.26.2.223:443 christitus.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
NL 216.58.214.14:443 play.google.com udp
NL 142.251.36.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 dl5.oo-software.com udp
DE 93.90.192.112:443 dl5.oo-software.com tcp
US 8.8.8.8:53 112.192.90.93.in-addr.arpa udp
NL 142.251.36.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.251.36.14:443 www.youtube.com udp
NL 142.251.36.14:443 www.youtube.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com udp
US 8.8.8.8:53 play.google.com udp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 184.28.176.73:443 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 184.28.176.73:443 www.bing.com udp
US 8.8.8.8:53 theunitysoft.com udp
GB 3.10.14.187:443 theunitysoft.com tcp
US 8.8.8.8:53 theunitysoft.com udp
US 8.8.4.4:53 theunitysoft.com udp
US 8.8.8.8:53 theunitysoft.com udp
US 8.8.4.4:53 theunitysoft.com udp
GB 3.10.14.187:443 theunitysoft.com tcp
GB 3.10.14.187:443 theunitysoft.com tcp
GB 3.10.14.187:443 theunitysoft.com tcp
GB 3.10.14.187:443 theunitysoft.com tcp
GB 3.10.14.187:443 theunitysoft.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 www.google.com udp
GB 54.192.137.125:443 widget.trustpilot.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 sw-themes.com udp
US 151.101.128.176:443 js.stripe.com tcp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.4.4:53 widget.trustpilot.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
US 8.8.4.4:53 sw-themes.com udp
US 8.8.8.8:53 www.google.com udp
US 104.21.7.63:443 sw-themes.com tcp
US 104.21.7.63:443 sw-themes.com tcp
US 8.8.8.8:53 sw-themes.com udp
US 8.8.8.8:53 73.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 187.14.10.3.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.3.3.8.b.0.0.2.0.0.0.2.0.4.0.4.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 125.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 63.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 176.128.101.151.in-addr.arpa udp
US 8.8.4.4:53 sw-themes.com udp
US 8.8.8.8:53 sw-themes.com udp
US 8.8.4.4:53 0.0.0.0.0.0.0.0.0.0.0.0.3.3.8.b.0.0.2.0.0.0.2.0.4.0.4.0.8.0.8.0.ip6.arpa udp
US 8.8.4.4:53 187.14.10.3.in-addr.arpa udp
US 8.8.4.4:53 176.128.101.151.in-addr.arpa udp
US 8.8.4.4:53 63.7.21.104.in-addr.arpa udp
US 151.101.128.176:443 stripecdn.map.fastly.net udp
NL 142.250.179.196:443 www.google.com udp
US 104.21.7.63:443 sw-themes.com udp
US 8.8.4.4:53 sw-themes.com udp
US 8.8.8.8:53 invitejs.trustpilot.com udp
US 8.8.4.4:53 invitejs.trustpilot.com udp
GB 18.244.140.49:443 invitejs.trustpilot.com tcp
US 8.8.8.8:53 invitejs.trustpilot.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.4.4:53 invitejs.trustpilot.com udp
US 8.8.8.8:53 invitejs.trustpilot.com udp
US 8.8.4.4:53 static.hotjar.com udp
US 8.8.4.4:53 bat.bing.com udp
US 8.8.4.4:53 invitejs.trustpilot.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.4.4:53 region1.analytics.google.com udp
US 8.8.4.4:53 stats.g.doubleclick.net udp
US 8.8.4.4:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
NL 172.217.168.195:443 www.google.co.uk tcp
US 8.8.4.4:53 region1.analytics.google.com udp
US 8.8.4.4:53 stats.g.doubleclick.net udp
US 8.8.4.4:53 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 49.140.244.18.in-addr.arpa udp
US 8.8.4.4:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 widgets.trustedshops.com udp
US 8.8.4.4:53 widgets.trustedshops.com udp
GB 18.172.153.65:443 widgets.trustedshops.com tcp
US 8.8.8.8:53 widgets.trustedshops.com udp
US 8.8.8.8:53 widgets.trustedshops.com udp
NL 142.250.102.156:443 stats.g.doubleclick.net udp
NL 172.217.168.195:443 www.google.co.uk udp
US 13.107.21.237:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.4.4:53 65.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.network udp
US 151.101.128.176:443 m.stripe.network tcp
GB 13.224.245.61:443 static-cdn.hotjar.com tcp
US 8.8.8.8:53 61.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.4.4:53 script.hotjar.com udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 r.stripe.com udp
GB 18.165.227.82:443 script.hotjar.com tcp
US 54.187.159.182:443 r.stripe.com tcp
US 8.8.8.8:53 r.stripe.com udp
US 8.8.8.8:53 r.stripe.com udp
US 8.8.8.8:53 m.stripe.com udp
US 35.82.91.90:443 m.stripe.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 m.stripe.com udp
US 54.187.159.182:443 r.stripe.com tcp
US 54.187.159.182:443 r.stripe.com tcp
US 54.187.159.182:443 r.stripe.com tcp
US 8.8.8.8:53 cdn1.api.trustedshops.com udp
US 8.8.8.8:53 dnb0l6kvo4byp.cloudfront.net udp
GB 18.244.155.29:443 dnb0l6kvo4byp.cloudfront.net tcp
US 8.8.4.4:53 dnb0l6kvo4byp.cloudfront.net udp
US 8.8.8.8:53 dnb0l6kvo4byp.cloudfront.net udp
US 8.8.4.4:53 dnb0l6kvo4byp.cloudfront.net udp
US 8.8.8.8:53 82.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 182.159.187.54.in-addr.arpa udp
US 8.8.8.8:53 90.91.82.35.in-addr.arpa udp
US 8.8.8.8:53 29.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
GB 95.100.245.144:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
GB 184.26.57.234:443 c.s-microsoft.com tcp
US 8.8.8.8:53 e13678.dscg.akamaiedge.net udp
GB 184.26.57.234:443 e13678.dscg.akamaiedge.net tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.4.4:53 e13678.dscg.akamaiedge.net udp
US 8.8.8.8:53 9.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 234.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 cs22.wpc.v0cdn.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 e13678.dscg.akamaiedge.net udp
GB 184.26.57.234:443 e13678.dscg.akamaiedge.net tcp
GB 184.26.57.234:443 e13678.dscg.akamaiedge.net tcp
US 8.8.8.8:53 cs22.wpc.v0cdn.net udp
US 8.8.4.4:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 c.microsoft.com udp
US 8.8.8.8:53 vlscppe.microsoft.com udp
US 8.8.8.8:53 ov-df.microsoft.com udp
US 8.8.8.8:53 az416426.vo.msecnd.net udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.4.4:53 ov-df.microsoft.com udp
US 8.8.8.8:53 cs9.wpc.v0cdn.net udp
NL 20.31.161.73:443 ov-df.microsoft.com tcp
US 8.8.8.8:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 cs9.wpc.v0cdn.net udp
US 8.8.8.8:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
US 8.8.4.4:53 cs9.wpc.v0cdn.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 h.online-metrix.net udp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha5de21131f19dd4a5am1.e.aa.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 h64.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.132.130:443 h.online-metrix.net tcp
US 8.8.8.8:53 h.online-metrix.net udp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha5de21131f19dd4a5am1.e.aa.online-metrix.net udp
US 8.8.8.8:53 eu-aa.online-metrix.net udp
US 8.8.8.8:53 h64.online-metrix.net udp
NL 91.235.134.131:443 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha5de21131f19dd4a5am1.e.aa.online-metrix.net tcp
US 192.225.158.1:443 h64.online-metrix.net tcp
US 8.8.8.8:53 h.online-metrix.net udp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha5de21131f19dd4a5am1.e.aa.online-metrix.net udp
US 8.8.4.4:53 eu-aa.online-metrix.net udp
NL 91.235.132.129:3478 eu-aa.online-metrix.net tcp
US 8.8.4.4:53 h64.online-metrix.net udp
US 8.8.8.8:53 h64.online-metrix.net udp
US 8.8.4.4:53 h64.online-metrix.net udp
US 8.8.8.8:53 182.133.235.91.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 73.161.31.20.in-addr.arpa udp
US 8.8.8.8:53 130.132.235.91.in-addr.arpa udp
US 8.8.8.8:53 131.134.235.91.in-addr.arpa udp
US 8.8.8.8:53 129.132.235.91.in-addr.arpa udp
US 8.8.8.8:53 1.158.225.192.in-addr.arpa udp
US 8.8.4.4:53 1.158.225.192.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.26:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 20.42.73.26:443 onedscolprdeus09.eastus.cloudapp.azure.com tcp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
US 8.8.4.4:53 26.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
NL 20.50.88.233:443 dc.services.visualstudio.com tcp
NL 20.50.88.233:443 dc.services.visualstudio.com tcp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-2-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.4.4:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-2-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 fpt.dfp.microsoft.com udp
NL 20.31.161.73:443 fpt.dfp.microsoft.com tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha225916645602298bam1.e.aa.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha225916645602298bam1.e.aa.online-metrix.net udp
NL 91.235.132.129:3478 eu-aa.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha225916645602298bam1.e.aa.online-metrix.net udp
NL 91.235.134.131:443 y6jn8c31hmvhjlxnyhejypkctcrx7tuo523ajgha225916645602298bam1.e.aa.online-metrix.net tcp
US 192.225.158.1:443 h64.online-metrix.net tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 233.88.50.20.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus16.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus16.centralus.cloudapp.azure.com udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.4.4:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.4.4:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 vlscppe.microsoft.com udp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-5-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-5-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 vlscppe.microsoft.com udp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.4.4:53 h-microsoft.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.4.4:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.4.4:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-7-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-7-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 vlscppe.microsoft.com udp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
US 8.8.4.4:53 vlscppe.microsoft.com udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.4.4:53 h-microsoft.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.4.4:53 mem.gfx.ms udp
US 8.8.4.4:53 c.s-microsoft.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 e13678.dscg.akamaiedge.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 ov-df.microsoft.com udp
US 8.8.4.4:53 e13678.dscg.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscg.akamaiedge.net udp
US 8.8.4.4:53 ov-df.microsoft.com udp
US 8.8.8.8:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
US 8.8.4.4:53 e13678.dscg.akamaiedge.net udp
US 8.8.8.8:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
US 8.8.4.4:53 dfp-greenid-prod-pme.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 h.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej318f104b7330d695am1.e.aa.online-metrix.net udp
US 8.8.8.8:53 h64.online-metrix.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.4.4:53 h.online-metrix.net udp
NL 91.235.132.129:3478 eu-aa.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 h.online-metrix.net udp
NL 91.235.132.130:443 h.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej2e2a71c1e78eb59cam1.e.aa.online-metrix.net udp
US 8.8.8.8:53 h64.online-metrix.net udp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej318f104b7330d695am1.e.aa.online-metrix.net udp
NL 91.235.134.131:443 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej318f104b7330d695am1.e.aa.online-metrix.net tcp
US 192.225.158.1:443 h64.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej2e2a71c1e78eb59cam1.e.aa.online-metrix.net udp
US 8.8.8.8:53 h64.online-metrix.net udp
NL 91.235.132.129:3478 eu-aa.online-metrix.net tcp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej318f104b7330d695am1.e.aa.online-metrix.net udp
US 8.8.4.4:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej2e2a71c1e78eb59cam1.e.aa.online-metrix.net udp
US 8.8.8.8:53 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej2e2a71c1e78eb59cam1.e.aa.online-metrix.net udp
NL 91.235.134.131:443 y6jn8c31wlfzvkanmkozhq6vttewewsplum5d5ej2e2a71c1e78eb59cam1.e.aa.online-metrix.net tcp
US 192.225.158.1:443 h64.online-metrix.net tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdgwc03.germanywestcentral.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdgwc03.germanywestcentral.cloudapp.azure.com udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.4.4:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 vlscppe.microsoft.com udp
NL 91.235.133.182:443 vlscppe.microsoft.com tcp
US 8.8.4.4:53 vlscppe.microsoft.com udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 h-microsoft.online-metrix.net udp
US 8.8.4.4:53 h-microsoft.online-metrix.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
NL 91.235.133.182:443 h-microsoft.online-metrix.net tcp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-g-prod-westeurope-1-app-v4-tag.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 www.thewindowsclub.com udp
US 104.26.6.120:443 www.thewindowsclub.com tcp
US 8.8.8.8:53 www.thewindowsclub.com udp
US 8.8.4.4:53 www.thewindowsclub.com udp
US 8.8.8.8:53 www.thewindowsclub.com udp
US 104.26.6.120:443 www.thewindowsclub.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 player.anyclip.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.21.87.79:443 go.ezodn.com tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.4.4:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
GB 87.248.212.11:443 player.anyclip.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.4.4:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 anyclip-1.hs.llnwd.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 120.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.212.248.87.in-addr.arpa udp
US 8.8.8.8:53 anyclip-1.hs.llnwd.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
US 104.21.87.79:443 go.ezodn.com udp
US 8.8.4.4:53 120.6.26.104.in-addr.arpa udp
US 8.8.4.4:53 186.199.67.172.in-addr.arpa udp
US 8.8.4.4:53 11.212.248.87.in-addr.arpa udp
US 8.8.4.4:53 the.gatekeeperconsent.com udp
US 8.8.4.4:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 8.8.8.8:53 pixel.anyclip.com udp
US 8.8.8.8:53 marketplace.anyclip.com udp
US 8.8.8.8:53 config.anyclip.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 pixel.anyclip.com udp
US 8.8.8.8:53 marketplace.anyclip.com udp
US 3.213.27.87:443 pixel.anyclip.com tcp
US 3.213.27.87:443 pixel.anyclip.com tcp
US 34.226.72.26:443 marketplace.anyclip.com tcp
GB 87.248.212.11:443 config.anyclip.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 pixel.anyclip.com udp
US 8.8.8.8:53 marketplace.anyclip.com udp
US 8.8.8.8:53 trafficmanager.anyclip.com udp
US 8.8.4.4:53 pixel.anyclip.com udp
US 8.8.8.8:53 ipv4.icanhazip.com udp
US 8.8.8.8:53 assets.anyclip.com udp
US 8.8.8.8:53 vid.springserve.com udp
US 3.213.27.87:443 pixel.anyclip.com tcp
US 172.67.142.121:443 bshr.ezodn.com udp
US 8.8.8.8:53 trafficmanager.anyclip.com udp
US 52.1.113.81:443 trafficmanager.anyclip.com tcp
US 52.1.113.81:443 trafficmanager.anyclip.com tcp
US 104.16.185.241:443 ipv4.icanhazip.com tcp
US 8.8.8.8:53 ipv4.icanhazip.com udp
NL 87.248.202.119:443 assets.anyclip.com tcp
US 8.8.8.8:53 vid.springserve.com udp
US 8.8.8.8:53 trafficmanager.anyclip.com udp
US 8.8.8.8:53 ipv4.icanhazip.com udp
US 8.8.8.8:53 vid.springserve.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.72.226.34.in-addr.arpa udp
US 8.8.8.8:53 87.27.213.3.in-addr.arpa udp
US 8.8.8.8:53 241.185.16.104.in-addr.arpa udp
US 8.8.4.4:53 trafficmanager.anyclip.com udp
US 104.16.185.241:443 ipv4.icanhazip.com udp
US 8.8.4.4:53 ipv4.icanhazip.com udp
US 8.8.4.4:53 vid.springserve.com udp
IE 52.16.62.78:443 vid.springserve.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 119.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 78.62.16.52.in-addr.arpa udp
US 8.8.8.8:53 81.113.1.52.in-addr.arpa udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 g.ezoic.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 172.217.168.195:443 www.google.co.uk tcp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
NL 172.217.168.195:443 www.google.co.uk udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
NL 142.250.102.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 secure.quantserve.com udp
DE 91.228.74.200:443 secure.quantserve.com tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.4.4:53 global.px.quantserve.com udp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.4.4:53 rules.quantcount.com udp
GB 18.245.187.41:443 rules.quantcount.com tcp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
NL 87.248.202.119:443 assets.anyclip.com tcp
US 8.8.4.4:53 d2fashanjl7d9f.cloudfront.net udp
FR 3.165.118.121:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 41.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 pixel.quantserve.com udp
NL 87.248.202.119:443 assets.anyclip.com tcp
NL 87.248.202.119:443 assets.anyclip.com tcp
US 8.8.8.8:53 trafficmanager.anyclip.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
DE 91.228.74.200:443 pixel.quantserve.com tcp
FR 3.165.118.121:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn5.anyclip.com udp
US 8.8.4.4:53 config.aps.amazon-adsystem.com udp
GB 87.248.212.11:443 cdn5.anyclip.com tcp
US 8.8.8.8:53 anyclip-1.hs.llnwd.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.4.4:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.4.4:53 cdn.hadronid.net udp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
NL 23.218.48.210:443 e4536.g.akamaiedge.net tcp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 marketplace.anyclip.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 104.22.4.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.4.4:53 bcp.crwdcntrl.net udp
IE 52.48.186.154:443 bcp.crwdcntrl.net tcp
IE 52.48.186.154:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.4.4:53 id.hadron.ad.gt.cdn.cloudflare.net udp
NL 172.217.23.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 121.118.165.3.in-addr.arpa udp
US 8.8.8.8:53 106.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 210.48.218.23.in-addr.arpa udp
US 8.8.8.8:53 34.189.245.18.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 154.186.48.52.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
NL 172.217.23.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 wrappers.geoedge.be udp
US 8.8.8.8:53 rumcdn.geoedge.be udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 172.67.23.234:443 a.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
GB 18.165.227.13:443 wrappers.geoedge.be tcp
US 8.8.8.8:53 d34psiby7ky5o6.cloudfront.net udp
US 8.8.4.4:53 rumcdn.geoedge.be udp
US 8.8.4.4:53 a.ad.gt.cdn.cloudflare.net udp
FR 3.165.136.51:443 rumcdn.geoedge.be tcp
US 8.8.8.8:53 d1bqktvj79b0wh.cloudfront.net udp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.4.4:53 d34psiby7ky5o6.cloudfront.net udp
US 8.8.8.8:53 d1bqktvj79b0wh.cloudfront.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 d34psiby7ky5o6.cloudfront.net udp
US 8.8.8.8:53 tag.1rx.io udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 tag.1rx.io udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 52.24.140.246:443 ids.ad.gt tcp
US 52.24.140.246:443 ids.ad.gt tcp
NL 142.251.39.102:443 s0.2mdn.net tcp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 ids.ad.gt udp
DE 51.89.9.251:443 onetag-sys.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 104.22.4.69:443 p.ad.gt tcp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 0cd9a294c04d407c0cbd071f8be81dbf.safeframe.googlesyndication.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
NL 142.251.39.102:443 s0.2mdn.net udp
DE 51.89.9.251:443 onetag-sys.com udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
NL 142.250.179.193:443 0cd9a294c04d407c0cbd071f8be81dbf.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 sync.1rx.io udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pixels.ad.gt udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 static.fr3.vip.prod.criteo.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 104.22.5.69:443 pixels.ad.gt tcp
NL 216.58.208.98:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 static.fr3.vip.prod.criteo.net udp
US 8.8.4.4:53 p.ad.gt.cdn.cloudflare.net udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 34.102.146.192:443 oa.openxcdn.net udp
NL 142.250.179.193:443 pagead-googlehosted.l.google.com udp
US 8.8.4.4:53 static.fr3.vip.prod.criteo.net udp
US 8.8.4.4:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 150.224.220.67.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 13.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 51.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 102.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 246.140.24.52.in-addr.arpa udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.4.4:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com.cdn.cloudflare.net tcp
FR 178.250.7.2:443 static.fr3.vip.prod.criteo.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.4.4:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 oajs.openx.net udp
NL 216.58.208.98:443 pubads.g.doubleclick.net udp
US 8.8.4.4:53 tpc.googlesyndication.com udp
US 34.96.70.87:443 invstatic101.creativecdn.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.net.akadns.net tcp
NL 142.251.39.98:443 cm.g.doubleclick.net tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.255.218.202:443 dpm.demdex.net tcp
NL 142.251.39.98:443 cm.g.doubleclick.net tcp
US 34.120.135.53:443 oajs.openx.net udp
US 216.239.32.3:443 csi.gstatic.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.251.39.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 gum.criteo.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 bid.contextweb.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 172.67.14.119:443 prebid.smilewanted.com tcp
US 8.8.8.8:53 prebid.smilewanted.com udp
NL 208.93.169.131:443 bid.contextweb.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 202.218.255.34.in-addr.arpa udp
DE 54.93.228.39:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.4.4:53 prebid.smilewanted.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.4.4:53 2.7.250.178.in-addr.arpa udp
US 8.8.4.4:53 117.174.228.46.in-addr.arpa udp
US 8.8.4.4:53 prebid.smilewanted.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.4.4:53 htlb.casalemedia.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 119.14.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 39.228.93.54.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
NL 142.250.179.129:443 cdn-content.ampproject.org tcp
NL 142.250.179.129:443 cdn-content.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
NL 142.250.179.129:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 129.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.4.4:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc5.fr3.eu.criteo.com udp
US 8.8.8.8:53 gbc8.nl3.eu.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
US 8.8.8.8:53 gbc8.nl3.eu.criteo.com udp
US 8.8.8.8:53 gbc5.fr3.eu.criteo.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.4.4:53 dnacdn.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 104.22.31.209:443 csync.smilewanted.com tcp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.4.4:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 marketplace.anyclip.com udp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
US 8.8.8.8:53 marketplace.anyclip.com udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 209.31.22.104.in-addr.arpa udp
US 8.8.8.8:53 web.hb.ad.cpe.dotomi.com udp
US 8.8.8.8:53 adx.adform.net udp
NL 89.207.16.210:443 web.hb.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
DK 37.157.6.232:443 adx.adform.net tcp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.4.4:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 pixel-origin.mathtag.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 pixel-origin.mathtag.com udp
US 8.8.4.4:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
US 8.8.4.4:53 spl.zeotap.com udp
US 104.22.50.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.4.4:53 x.bidswitch.net udp
US 8.8.4.4:53 static.smilewanted.com udp
US 104.22.30.209:443 static.smilewanted.com tcp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 spl.zeotap.com udp
NL 35.214.199.88:443 dorpat.geo.iponweb.net tcp
US 74.121.140.211:443 pixel-origin.mathtag.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
FR 154.54.250.80:443 eu-west-dual.ads.stickyadstv.com.akadns.net tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 82.145.213.8:443 outspot2-ams.adx.opera.com tcp
FR 51.178.195.213:443 ssbsync-euw2.smartadserver.com tcp
GB 185.64.191.214:443 imagsync-lhrpairbc.pubmatic.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
FR 217.182.178.234:443 sync.smartadserver.com tcp
US 8.8.4.4:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.net.akadns.net tcp
US 8.8.4.4:53 spl.zeotap.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.4.4:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 static.smilewanted.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 rtb-csync-euw2.smartadserver.com udp
US 8.8.8.8:53 static.smilewanted.com udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 rtb-csync-euw2.smartadserver.com udp
US 8.8.8.8:53 ice.360yield.com udp
NL 35.214.199.88:443 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.4.4:53 ice.360yield.com udp
IE 52.49.132.11:443 ice.360yield.com tcp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.4.4:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
IE 52.48.95.220:443 ap.lijit.com tcp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 210.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 234.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 211.140.121.74.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.4.4:53 98.50.22.104.in-addr.arpa udp
US 8.8.4.4:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 us.shb-sync.com udp
DK 37.157.2.230:443 cm.adform.net tcp
GB 18.165.201.92:443 s.ad.smaato.net tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 11.132.49.52.in-addr.arpa udp
US 8.8.8.8:53 220.95.48.52.in-addr.arpa udp
US 8.8.8.8:53 92.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 tag.1rx.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 142.250.179.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.4.4:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.4.4:53 a19.dscg10.akamai.net udp
NL 142.250.179.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-4g5lzney.gvt1.com udp
DE 74.125.163.138:443 r5---sn-4g5lzney.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 138.163.125.74.in-addr.arpa udp
DE 74.125.163.138:443 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 184.28.176.35:443 e86303.dscx.akamaiedge.net udp
GB 184.28.176.35:443 e86303.dscx.akamaiedge.net tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.4.4:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 www.easeus.com udp
US 8.8.8.8:53 35.176.28.184.in-addr.arpa udp
US 8.8.4.4:53 www.easeus.com udp
US 104.18.6.90:443 www.easeus.com tcp
US 8.8.8.8:53 www.easeus.com.cdn.cloudflare.net udp
US 8.8.8.8:53 www.easeus.com.cdn.cloudflare.net udp
US 8.8.4.4:53 www.easeus.com.cdn.cloudflare.net udp
US 8.8.8.8:53 90.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 scripts.prdredir.com udp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 104.18.30.27:443 scripts.prdredir.com tcp
US 8.8.8.8:53 scripts.prdredir.com udp
US 8.8.8.8:53 scripts.prdredir.com udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.4.4:53 scripts.prdredir.com udp
US 8.8.8.8:53 chengduyiwokeji-haiwai.datasink.datasjourney.com udp
US 8.8.4.4:53 chengduyiwokeji-haiwai.datasink.datasjourney.com udp
US 8.8.8.8:53 platform-api.sharethis.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 dynamic.criteo.com udp
US 204.79.197.237:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 platform-api.sharethis.com udp
GB 54.192.137.11:443 widget.trustpilot.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
GB 95.101.143.232:443 cdn.livechatinc.com tcp
US 8.8.4.4:53 connect.facebook.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 platform-api.sharethis.com udp
US 8.8.8.8:53 rtg.prdredir.com udp
US 8.8.8.8:53 mc.yandex.ru udp
US 104.18.30.27:443 rtg.prdredir.com tcp
US 8.8.8.8:53 e39296.f.akamaiedge.net udp
US 8.8.8.8:53 dynamic.nl3.vip.prod.criteo.com udp
JP 47.74.32.22:443 chengduyiwokeji-haiwai.datasink.datasjourney.com tcp
JP 47.74.32.22:443 chengduyiwokeji-haiwai.datasink.datasjourney.com tcp
JP 47.74.32.22:443 chengduyiwokeji-haiwai.datasink.datasjourney.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.4.4:53 dynamic.nl3.vip.prod.criteo.com udp
US 8.8.4.4:53 e39296.f.akamaiedge.net udp
US 8.8.8.8:53 dynamic.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 e39296.f.akamaiedge.net udp
US 8.8.8.8:53 27.30.18.104.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 11.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 232.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 rtg.prdredir.com udp
GB 108.138.217.99:443 platform-api.sharethis.com tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
IT 157.240.231.1:443 scontent.xx.fbcdn.net tcp
NL 178.250.1.13:443 dynamic.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com udp
US 8.8.4.4:53 9.50.17.84.in-addr.arpa udp
US 8.8.4.4:53 27.30.18.104.in-addr.arpa udp
US 8.8.4.4:53 232.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 rtg.prdredir.com udp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.8.8:53 api.livechatinc.com udp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.4.4:53 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com udp
US 8.8.4.4:53 rtg.prdredir.com udp
US 8.8.8.8:53 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com udp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
US 8.8.8.8:53 e39296.b.akamaiedge.net udp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.4.4:53 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com udp
GB 92.123.26.161:443 api.livechatinc.com tcp
US 8.8.8.8:53 l.sharethis.com udp
IT 157.240.231.1:443 scontent.xx.fbcdn.net udp
IE 99.80.231.207:443 l.sharethis.com tcp
US 8.8.8.8:53 httplogserver-lb.global.unified-prod.sharethis.net udp
US 8.8.8.8:53 httplogserver-lb.global.unified-prod.sharethis.net udp
US 8.8.4.4:53 httplogserver-lb.global.unified-prod.sharethis.net udp
US 8.8.8.8:53 99.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 13.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 1.231.240.157.in-addr.arpa udp
US 8.8.8.8:53 22.32.74.47.in-addr.arpa udp
US 8.8.8.8:53 78.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 161.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 207.231.80.99.in-addr.arpa udp
US 8.8.8.8:53 down.easeus.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.4.4:53 99.217.138.108.in-addr.arpa udp
US 8.8.4.4:53 22.32.74.47.in-addr.arpa udp
US 8.8.4.4:53 207.231.80.99.in-addr.arpa udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
US 8.8.4.4:53 down.easeus.com udp
GB 13.224.132.88:443 down.easeus.com tcp
US 8.8.8.8:53 db7wz9u6tfe6a.cloudfront.net udp
US 8.8.8.8:53 db7wz9u6tfe6a.cloudfront.net udp
US 8.8.4.4:53 db7wz9u6tfe6a.cloudfront.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 download2.easeus.com udp
US 8.8.4.4:53 download2.easeus.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 119.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 88.132.224.13.in-addr.arpa udp
US 8.8.4.4:53 119.21.88.77.in-addr.arpa udp
GB 18.245.218.71:443 download2.easeus.com tcp
US 8.8.8.8:53 d1kp3984eicvmo.cloudfront.net udp
US 8.8.8.8:53 d1kp3984eicvmo.cloudfront.net udp
US 8.8.8.8:53 71.218.245.18.in-addr.arpa udp
US 8.8.4.4:53 71.218.245.18.in-addr.arpa udp
RU 77.88.21.119:443 mc.yandex.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 buttons-config.sharethis.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
GB 18.245.143.93:443 buttons-config.sharethis.com tcp
US 13.107.253.64:443 www.clarity.ms tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.4.4:53 udp
US 8.8.4.4:53 s-part-0036.t-0009.fb-t-msedge.net udp
US 8.8.8.8:53 d2znr2yi078d75.cloudfront.net udp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
US 8.8.8.8:53 platform-cdn.sharethis.com udp
US 8.8.8.8:53 count-server.sharethis.com udp
US 8.8.4.4:53 s-part-0036.t-0009.fb-t-msedge.net udp
GB 18.165.201.26:443 platform-cdn.sharethis.com tcp
GB 18.165.201.26:443 platform-cdn.sharethis.com tcp
GB 18.165.201.26:443 platform-cdn.sharethis.com tcp
GB 18.165.201.26:443 platform-cdn.sharethis.com tcp
GB 18.165.201.26:443 platform-cdn.sharethis.com tcp
GB 18.154.84.92:443 count-server.sharethis.com tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 d3oiwf0xhhk8m1.cloudfront.net udp
US 8.8.8.8:53 count-server.sharethis.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.4.4:53 count-server.sharethis.com udp
US 8.8.4.4:53 d3oiwf0xhhk8m1.cloudfront.net udp
US 8.8.4.4:53 c.clarity.ms udp
US 8.8.4.4:53 www.facebook.com udp
US 8.8.8.8:53 93.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 d3oiwf0xhhk8m1.cloudfront.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.4.4:53 93.143.245.18.in-addr.arpa udp
US 8.8.4.4:53 64.253.107.13.in-addr.arpa udp
US 8.8.4.4:53 d3oiwf0xhhk8m1.cloudfront.net udp
US 8.8.4.4:53 count-server.sharethis.com udp
US 8.8.4.4:53 star-mini.c10r.facebook.com udp
NL 142.250.179.196:443 www.google.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.4.4:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.4.4:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.4.4:53 c-msn-com-nsatc.trafficmanager.net udp
IE 13.74.129.1:443 c-msn-com-nsatc.trafficmanager.net tcp
IT 157.240.231.35:443 star-mini.c10r.facebook.com tcp
NL 172.217.168.195:443 www.google.co.uk udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 26.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 92.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 35.231.240.157.in-addr.arpa udp
IT 157.240.231.35:443 star-mini.c10r.facebook.com udp
US 8.8.4.4:53 h.clarity.ms udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com udp
US 8.8.4.4:53 26.201.165.18.in-addr.arpa udp
US 8.8.4.4:53 92.84.154.18.in-addr.arpa udp
US 8.8.4.4:53 1.129.74.13.in-addr.arpa udp
US 8.8.4.4:53 35.231.240.157.in-addr.arpa udp
US 8.8.8.8:53 vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com udp
NL 142.250.102.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc8.nl3.eu.criteo.com udp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 track.easeus.com udp
US 8.8.4.4:53 track.easeus.com udp
US 8.8.8.8:53 update.easeus.com udp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
US 8.8.4.4:53 update.easeus.com udp
NL 172.217.168.234:443 firebaseremoteconfig.googleapis.com tcp
GB 163.171.146.54:80 track.easeus.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
N/A 127.0.0.1:58808 tcp
GB 13.224.132.15:443 update.easeus.com tcp
US 8.8.8.8:53 54.146.171.163.in-addr.arpa udp
US 8.8.8.8:53 15.132.224.13.in-addr.arpa udp
GB 13.224.132.15:443 update.easeus.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
US 8.8.8.8:53 kb.easeus.com udp
US 8.8.4.4:53 kb.easeus.com udp
GB 99.84.9.9:80 kb.easeus.com tcp
GB 99.84.9.9:80 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
GB 18.245.147.27:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 9.9.84.99.in-addr.arpa udp
US 8.8.8.8:53 181.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
GB 99.84.9.9:443 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
US 8.8.8.8:53 w.likebtn.com udp
US 172.67.71.194:443 w.likebtn.com tcp
US 172.67.71.194:443 w.likebtn.com tcp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
GB 99.84.9.9:443 kb.easeus.com tcp
GB 99.84.9.9:443 kb.easeus.com tcp
NL 142.250.179.131:80 www.gstatic.com tcp
US 8.8.8.8:53 27.147.245.18.in-addr.arpa udp
US 8.8.8.8:53 194.71.67.172.in-addr.arpa udp
GB 18.245.147.27:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 pv.likebtn.com udp
US 8.8.8.8:53 wi.likebtn.com udp
US 104.26.1.219:443 wi.likebtn.com tcp
US 104.26.1.219:443 wi.likebtn.com tcp
US 8.8.4.4:53 pv.likebtn.com udp
US 104.26.1.219:443 pv.likebtn.com tcp
US 104.26.1.219:443 pv.likebtn.com tcp
US 8.8.8.8:53 219.1.26.104.in-addr.arpa udp
US 8.8.4.4:53 219.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 8.8.4.4:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 8.97.252.47.in-addr.arpa udp
US 8.8.4.4:53 8.97.252.47.in-addr.arpa udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
GB 89.187.167.39:443 cdn.consentmanager.net tcp
GB 89.187.167.39:443 cdn.consentmanager.net tcp
US 104.18.30.27:443 rtg.prdredir.com tcp
US 104.18.30.27:443 rtg.prdredir.com tcp
NL 142.250.179.131:80 www.gstatic.com tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
GB 54.192.137.11:443 widget.trustpilot.com tcp
GB 54.192.137.11:443 widget.trustpilot.com tcp
US 8.8.8.8:53 bat.bing.com udp
RU 93.158.134.119:443 mc.yandex.com tcp
RU 93.158.134.119:443 mc.yandex.com tcp
IT 157.240.231.1:443 scontent.xx.fbcdn.net tcp
IT 157.240.231.1:443 scontent.xx.fbcdn.net tcp
NL 178.250.1.13:443 dynamic.nl3.vip.prod.criteo.com tcp
NL 178.250.1.13:443 dynamic.nl3.vip.prod.criteo.com tcp
US 8.8.4.4:53 o.pki.goog udp
US 13.107.21.237:443 bat.bing.com tcp
US 13.107.21.237:443 bat.bing.com tcp
NL 142.250.179.131:80 o.pki.goog tcp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 39.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
GB 23.200.147.33:80 r10.o.lencr.org tcp
US 8.8.4.4:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 33.147.200.23.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
RU 87.250.251.119:443 mc.yandex.com tcp
RU 87.250.251.119:443 mc.yandex.com tcp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 sslwidget.criteo.com udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 16.117.119.74.in-addr.arpa udp
US 8.8.8.8:53 cdn.livechatinc.com udp
US 8.8.4.4:53 cdn.livechatinc.com udp
GB 95.101.143.232:443 cdn.livechatinc.com tcp
GB 95.101.143.232:443 cdn.livechatinc.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.easeus-down.com udp
US 8.8.4.4:53 www.easeus-down.com udp
GB 18.244.179.124:443 www.easeus-down.com tcp
GB 18.244.179.124:443 www.easeus-down.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
GB 18.245.147.27:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 124.179.244.18.in-addr.arpa udp
GB 18.244.179.124:443 www.easeus-down.com tcp
US 8.8.8.8:53 update.easeus.com udp
US 8.8.4.4:53 update.easeus.com udp
GB 13.224.132.8:443 update.easeus.com tcp
GB 13.224.132.8:443 update.easeus.com tcp
US 8.8.8.8:53 8.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 8.8.4.4:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 184.28.176.107:443 www.bing.com tcp
GB 184.28.176.107:443 www.bing.com tcp
US 8.8.8.8:53 14.97.252.47.in-addr.arpa udp
US 8.8.8.8:53 107.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.4.4:53 14.97.252.47.in-addr.arpa udp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 13.224.132.8:443 update.easeus.com tcp
GB 13.224.132.8:443 update.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 track.easeus.com udp
US 8.8.4.4:53 track.easeus.com udp
GB 163.171.146.43:80 track.easeus.com tcp
US 8.8.8.8:53 43.146.171.163.in-addr.arpa udp
US 8.8.4.4:53 43.146.171.163.in-addr.arpa udp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 163.171.146.43:80 track.easeus.com tcp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
US 104.18.6.90:443 www.easeus.com.cdn.cloudflare.net tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
JP 47.74.32.22:443 alb-kswlcqbz2635ovcujr.ap-northeast-1.alb.aliyuncs.com tcp
US 8.8.8.8:53 update.easeus.com udp
US 8.8.4.4:53 update.easeus.com udp
GB 13.224.132.15:443 update.easeus.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.4.4:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 ocsp.starfieldtech.com udp
US 8.8.4.4:53 connect.facebook.net udp
IT 157.240.231.1:443 connect.facebook.net tcp
IT 157.240.231.1:443 connect.facebook.net tcp
US 8.8.4.4:53 ocsp.starfieldtech.com udp
US 192.124.249.23:80 ocsp.starfieldtech.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.18.30.27:443 rtg.prdredir.com tcp
US 104.18.30.27:443 rtg.prdredir.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
GB 13.224.132.15:443 update.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.4.4:53 cdn.pushcrew.com udp
US 104.22.1.247:443 cdn.pushcrew.com tcp
US 104.22.1.247:443 cdn.pushcrew.com tcp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 23.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
NL 185.235.87.249:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
FR 185.235.86.145:443 gbc5.fr3.eu.criteo.com tcp
US 8.8.8.8:53 247.1.22.104.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
N/A 239.255.255.250:3702 udp
NL 185.235.87.250:443 gbc8.nl3.eu.criteo.com tcp
NL 185.235.87.250:443 gbc8.nl3.eu.criteo.com tcp
FR 185.235.86.148:443 gbc5.fr3.eu.criteo.com tcp
FR 185.235.86.148:443 gbc5.fr3.eu.criteo.com tcp
N/A 239.255.255.250:3702 udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 13.107.21.237:443 bat.bing.com tcp
US 13.107.21.237:443 bat.bing.com tcp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\c06ebda6-6a65-4c06-a063-a392a7fb202b

MD5 3fb944674fbebab9ea4507f8df771f70
SHA1 429b29730e9866bfe7a4a53c861b54d1168c3b3c
SHA256 25585f790805fc21b98cb5afdaf591066efafe0330782be30b28fd17e6d5907a
SHA512 1dc30aa7581cf960bbeda01c87c0000630c69d694dbd309f55bbc8ec54e9de0e850a292a5b16b66000e926a2fffe272de7d5f83cf26ebcd89f2f509a5b632094

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\eb45b6fa-a4f9-4fd4-ba46-9b7047c6718c

MD5 3987f4ba7c40ab4cefcb0ad5aba832b6
SHA1 31740ba4164061633727812372ffb6b829bd9908
SHA256 255fb9b9443ea1a32de93892a51435c55b4a88adb16312baac4be6ea136dc47b
SHA512 4255a3b390387c086ac5c67fda0389c6be3036836c96c4184b510667ab92e2822a3c9c05fe275c5c387360dd397da5fb60becb554e4c97ed6e47209990c9cbc3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 94b7d29661132b15f69c7d0416ed4b7a
SHA1 42473e699f0dfc9965e955fbba2308903dc1399b
SHA256 96b338bdd14fde53f377a16ff201b7d4dd2a1cd920c2bb3716f3bb9a24de15e4
SHA512 4ccdeb08d2f25f5b479a268da52861b24b88c0e6d546a8501aaef094f597caa8cfcaea8a7fc10a8e0974583b5d9632c0c894f92ddeb55a74d4b585956d9a2249

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 731c0e733fe1e3123d366af7c8e578ae
SHA1 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA256 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512 d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 989723bbe135c12872d3b34bfe8610e3
SHA1 c2592701bc476790b0c3362509c8b2f70885360a
SHA256 17453878742eddd1058e1c3c7d1679ee12337341f89721302904fd16083092ef
SHA512 615e76996db6a35bcfcce84dd812db318166af400baeb55168664ea207b6f556e8075d26328fd0aff8de1cc2bc383c99b3e608e95b4107b082fd109f09b3b24c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\weave\toFetch\tabs.json.tmp

MD5 f20674a0751f58bbd67ada26a34ad922
SHA1 72a8da9e69d207c3b03adcd315cab704d55d5d5f
SHA256 8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792
SHA512 2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f7b842592b7536a50a23a61fe53bbb5
SHA1 407f146d3eee52cf3d0ab721e44228f3a14bd1a3
SHA256 c80ad003393033fc1d29a8b65812f9c067f036899f024afe03a6436511387fd2
SHA512 94c7f4826aefbd0489213b759d3e0f1976ac27990f8d647d736eed3bfcf99f71267cf98950102754552fc8ed89bb5dcfc8454a6750d561c5086894a176379aef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 aea364f9968036211189eba52ccf3a6e
SHA1 fa28304ca9313af33ca46081e6298d300793586f
SHA256 319da14e97c69f5455ba362c620a6cd7e88fe3244e8eb8be5463efbece1bfc52
SHA512 e2e6ae370a84e2abc46cc7e3ad6f6a7cbe399ef2ccbcce8616fca98623c6de5878d3ed192a27190cd07ccbc2a9b6e9ae8dcffafd7a1baccea065823f2a6314eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 b79845435e064e8a8dc33ee8b765e27d
SHA1 903a2005739c8399cf3a74d46899bcf844c49d52
SHA256 0cd2457ad671cdedf779c1186333428c0184c1d702faa51277e3b97066c19142
SHA512 5da79f1bab85e11e006d09c54392333da30b084e75fa0dfc39288bdefe57f835519934fa2b7a3d2404c9f5da87baafb6b7c0c1e2897ea639de578487514b4f16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6611e15bf639030c480c7d139589be57
SHA1 d7cdf7602d1bc0ec398a6b09e01ecef9abb66143
SHA256 54d79d1a02bfe6a74fdd409abb24c0cd0267415577b7d713307313cea6b2ebee
SHA512 f90b12b69ed920216e832eb0bfb621f1c6b222246e1fdbf7f974483927faf92547d67ccfa8475ba3161055c86f70bc186aeabc8061396816db1826ade5e4b379

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 2422fb54fe86da2fa6c073d5532f7485
SHA1 1230ff4fe770176bf6ed11159cd49e490372c403
SHA256 7d38b7f5b57d1de264c51c4ad4fa5d32b909ea15c181a86710e659b73a0d7f01
SHA512 ca338b32260ba5053b1a8587023f82fe770ae2d5917bc087a63ee79bdb2bc1310629aa4c18ab1ce63be5aa7cc2627a5487ddc36eff876e355f7d21bd52750c2d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 71c47f98ff9a96204a53549ca007216b
SHA1 9e16e91bc2cd9557fb956682b476d89fb9d85e7b
SHA256 52275a7202fa99a56536fe6f4de2fa2cac9b8537d526b93be7f0a175944c13d0
SHA512 fa998a91ddce58931536354be2fa7b28dd3ed90fe2cf66fc1aa58829f36d5c55cb83fff14f8b8352127f57b01623c2bb94fda8c2c7272b0988e191630ab04ff5

memory/6056-478-0x000001F469120000-0x000001F469142000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mz0gll4n.o22.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/6056-505-0x000001F4695E0000-0x000001F46961C000-memory.dmp

memory/6056-516-0x000001F4696A0000-0x000001F469716000-memory.dmp

memory/6056-564-0x000001F469B20000-0x000001F469CE2000-memory.dmp

memory/6056-565-0x000001F46A220000-0x000001F46A746000-memory.dmp

memory/6056-731-0x000001F469CF0000-0x000001F469DC6000-memory.dmp

memory/6056-734-0x000001F469A40000-0x000001F469A48000-memory.dmp

memory/6056-735-0x000001F469A90000-0x000001F469AC8000-memory.dmp

C:\Users\Admin\AppData\Local\winutil\cttlogo.png

MD5 9e0dcc8b6b67afbd5e220f9351793581
SHA1 38a9d3522b9bd6ca21ce67bd279dc0b32a74ce07
SHA256 0ecb998625fd271e39ae3f7eebfbb111dd35a60e3de90b48bddfef876fcc878f
SHA512 8f7f74ad03d4da0cf2a39469cc352032be0b36b8cbf12d46d438013e55a76904e47be8555427bfc1aa89c20862f7474678fc0fb067094edfc59f7231b901912d

\??\c:\Users\Admin\AppData\Local\Temp\pbix0quq\pbix0quq.cmdline

MD5 12d2bd8525f089334c1dd877674383c9
SHA1 819abb22c278e776478a7e1bfdf436ca8380983d
SHA256 d1fbd2c3ca1bd1a66e9a703d7504b0126e9489b57fcb70417eec0cfc1e0fe0a3
SHA512 13f2e4165d6264cfd25d65661e5d3cb4bb05e99a68cb072b6f067a03fea0c307dc8d588b67e99523783466680bd8dd5e1726f832d263ad3f14eaebfcb806aacd

\??\c:\Users\Admin\AppData\Local\Temp\pbix0quq\pbix0quq.0.cs

MD5 66ca8de746bd5bc09574b9b5d72a91bb
SHA1 ae5b33f83239264d6202d1b9fdff566e851b85e4
SHA256 8221e96e5aef72f45e31a858a97638c7f2fc0bad68f6a21d92edb26cfba20f2b
SHA512 80d6b675b08acc1bdd65da19938c2a30a0bdb4ba75459d2677e56345720a5ce5590ace5aae48f2ca1bb14315cd73c40adb841af0ff917799a6a8e5963871e74a

\??\c:\Users\Admin\AppData\Local\Temp\pbix0quq\CSCD95A85E0C8AF49928146DC79233B8748.TMP

MD5 110ad9902de86d7ca3cd6dab789accab
SHA1 ad4d15e483092402eab1b8edf60fa748470b72d9
SHA256 c8b8e98951bfc1f54f0c6825defa400ef64c3ba8b0a9da5eb9b7f8a844c90ca0
SHA512 4ed8a4721915fb484c8477fdc845c1f1c24d5a0922116bc15620ef21b8fee20610fcaeb6d826f59b2c1f1092a68b075aa494c5f2d282e9acf466cd8f86e0813a

C:\Users\Admin\AppData\Local\Temp\RES1280.tmp

MD5 f4df7c4ebfc0f801fa8454f01ca4724e
SHA1 802e00c13b1f5493cd59c6b9d0a34894ea696040
SHA256 589d830bcc93e838a9a9b4dfe3145343efb0bec42278613b87eeec4bb1286f20
SHA512 e1bd08e80b4721b17d6593c059c7096f535983f414ec470496ff169ed92091247bc989a23271680eeaf033decf0953ebde4d8128e931b5fd53749c72d5065f1d

C:\Users\Admin\AppData\Local\Temp\pbix0quq\pbix0quq.dll

MD5 0e75a70cb0e8489c0e2965358deaf63a
SHA1 e62cf28c9dab082229bb9a4e7ec2df118cba1712
SHA256 07a4d165e0cbfebdc4759bf7ee1ff0c5e4e78ad8f33348ad1822c0e684f7a3f3
SHA512 854828ee3898b89e78b08411f0e42c6933e28ff560d7cfa6e52a786a69fa6525245872160d7e8602fc6f917b7b93e47d91263a6f575dbc6b96fd7de1729cba1a

memory/6056-853-0x000001F46D160000-0x000001F46D168000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 15506c7f1e3ee8bf3b54007d72e2e83d
SHA1 bb785023e5e2e02b212001fe5879dc2e4b136ffe
SHA256 61151e5603edff6359b690329de32b86abd6a746ca6ccba63115a998f534d9c5
SHA512 afcf407d5a9d23be6f2c7e2c5c9d18fdd12a2374a305e47320f0e06c74b30a9f2cf8bf3de063d04d63d3b8b5971ed58fa997619c375967267a4766a1c32fde03

memory/6056-901-0x000001F46D620000-0x000001F46D62E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3e522f30b8fdee1e92144ce61a79a719
SHA1 2abadbc9b484bb715178117f33f1d7e5ee3469be
SHA256 3fa2c57ebac8c6dc55bcd4352745deebc4794c0c28858a7b5a307b04f031518f
SHA512 033a06610d78937dc721379d473d714c7228c8ca316a37d23af023eebc31c2e4e9411ca0002f413b389c461a8726d3a86bb146bb0037e00b4904f23887a769ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cchristitus.com%29\idb\1305289650LCo7g%sCD7a%t0a3b3a3s.sqlite

MD5 4826485743bd14a894bbf977867a3dcf
SHA1 f5aca88c6bf9d52d55753083a9febcfc930ffa1f
SHA256 b4874fcc9e90c734b5f184c886411586abcd189e3f6e29d7765cf966e34fcdf7
SHA512 a63b13441fcde481aa7b2a1fbf5ff52606b8e1d19e5faa6b00ec8c9959884c53cc850f6e17c7a49e1a81a2f00b196cfc2f8a15e319941fb0b031f9011ca91b23

memory/6056-1128-0x000001F46D790000-0x000001F46D798000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OOSU10.exe

MD5 4803e06db91fdb8b6d1b65c0010d2f87
SHA1 f6d68a7dcc9c46e663f586341e8ba8d1be6b0f9c
SHA256 beb7becc38ccc7ed37c47fe607b25a966a5f71aabd36ab945c3cba15451dfa7b
SHA512 f34195e4dd2b9a0dc4847e94547b3b4f0ee13009878f0e88954e6a070234b902814a7bdc018782cbaddb52e31e19f30bc2273d1b2ed1071f0695563e070c58c6

memory/3324-1156-0x0000024E86580000-0x0000024E86770000-memory.dmp

memory/3324-1157-0x0000024E88330000-0x0000024E8835C000-memory.dmp

memory/3324-1158-0x0000024E884A0000-0x0000024E88546000-memory.dmp

memory/3324-1159-0x0000024E88360000-0x0000024E8837A000-memory.dmp

memory/3324-1160-0x0000024EA0E60000-0x0000024EA0F18000-memory.dmp

memory/6056-1263-0x000001F46D7D0000-0x000001F46D7E0000-memory.dmp

\??\PIPE\lsarpc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 1285ff174054c1d69a376ad42733dbbe
SHA1 0ec22d805a8ef45ab60236b329a0fac3e097bf87
SHA256 6dfa7fb7ffa19295f960b37911218b327531d7a0e0311a5e5cfa198dc685f967
SHA512 03c06add4950cb57715109e6b4a032c6341594e41ebb28f5562a758ad6558598ba39ef84e7d0a41c7161ac1f436a51dc4151fc99599d6061adae5a22eba32b42

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 b9fafa1ec1e70739726d65af3541f732
SHA1 f5d405205c3597cabdff0252f2674df8dc6ded95
SHA256 d1236e5e87b9e41142d31e569fc2a8a48319af04234f46210fa9af29bc9a4a4d
SHA512 ba3686e2b3de1dc68fd7611711da39dcc1f7698ae95ed4fa54eed7fd584c753ff6c4a06963e92a3bf1ac9072ee52d9c59a51ca15e5e4912d6e41cddc98c1ad21

memory/6056-2509-0x000001F46D9F0000-0x000001F46DA12000-memory.dmp

memory/6056-2490-0x000001F46D9F0000-0x000001F46DA1A000-memory.dmp

C:\Windows\Logs\DISM\dism.log

MD5 d93b1a53fb1ecb6b72e6bd173bda0a9e
SHA1 0f6eacfa734859990abe432132c7299e80cafca5
SHA256 169d2cf401843b65e7044ac3459d30b3a44e47e32a3ba50e39b2bef87316ee86
SHA512 f27e557b050ce3196b5d62ac0ab025eb44ba8fd9f31706ba97a11a6c0031693e9033f5fe3a60ac4bc402463e0c7a01cd8e1c8a208677110bdf4a3d38415784e6

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\DismHost.exe

MD5 9ad8d8d2c6126cf9f65f4ba4cd24bcd9
SHA1 505e851852228545903c2423afa81039e0bd9447
SHA256 3687d79e43b9c3aa9ff31dbaafdd2f4674ce0937c7fe34813f43531f32e7aded
SHA512 e38d6af47c7443119fb73fcd6bcb23dd6b96bce19c4a98802af96fd6751e12a8add8c48cc0062ffe315aa7a5ffa6c38787c4f2051a8f6b97ac0dc86b3f8d279e

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\DismCorePS.dll

MD5 4e43afafe9483d72a5838cdb8ea8d345
SHA1 779d8c234343da4ca7fbdb16b5861eecb025f6e3
SHA256 80e83929245c4377ecc73b7596ebf885d8e919b69ef975701a082d2b5cf2150e
SHA512 22267fe42128333940b9574fc5f5a70f0411280bd4e294bb456f987eb30c5ec1be12f4e5ce44e7007d793a3924032315782eaea96ab18da832ce56c1f0a3fe3d

\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\DismProv.dll

MD5 2737782245a1d166a1f018b368815a16
SHA1 4fd57e0de191c817a733d07138c43ce9a010d64c
SHA256 498c301c9b5dfc36f1031988cb4a440ab17effd606345abd506a807f277b1938
SHA512 7830d377ae880183a2e51a9d557bf0fa324913df28b12f5d7aca815fb2e8a6b0373d76f36877f28cba4ce8bff32da62309fcdcb8ff3930c5f8a54963b7cfdeff

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\OSProvider.dll

MD5 bb0d5feee5b2f65b28f517d48180ce7b
SHA1 63a3eee12a18bceec86ca94226171ffe13bd2fe3
SHA256 f6c4fd17a47daf4a6d03fc92904d0f9a1e6c68aadf99c2d11202d4d73606dc16
SHA512 d1fc630db506ad7174da9565fd658dc415f95bf9c2c47c21fa8fe41b0dbff9a585244a0b7079dfb31697f14edbc1c021fccff60ffd53b447c910c70de117dc5b

\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\LogProvider.dll

MD5 76dccc4bec94a870cb544ea0ac90d574
SHA1 0e500d42b98d340aadd3e886b0c4abefa8b92bc5
SHA256 53637290e64e395a0f07d7423096ccf341ccdf1dcb6e821f4e99d47197ea849e
SHA512 ef01adbf1dfb3856d5a84512556f38af291c0938c1267c8d627e1205385f7be56b0a7e2127f18818f987b53f0a3f910bc930d692be2a8429d03728d086e91a0b

C:\Windows\Logs\DISM\dism.log

MD5 977ab9db6c1d5b586f7b626881204ea0
SHA1 0f214722aeee02463879938d622e1248f49d406c
SHA256 adb69a37871b8913553b98d418c092492fdaf244ac57fcb2339f59a3d3ffc801
SHA512 1a44ff5cd0fd524921f9ae2a8a798ca02dbc3daab078bb3d1673117917fd7dc380190b3ce1eabf0572b29929f17ec32d77eecb3445f1e4a17b9712636abab54a

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\CbsProvider.dll

MD5 299b6b11642c3ad2b17181b35e9dadc3
SHA1 1b1dbccd60304ba0be631db3a190ec59ecc84746
SHA256 45eec38b42144bf80e46ad7356cff12849aa11af45e73174e2101132716d79bd
SHA512 2943af89e024c94808a2428ed5923dead1c44748742acf20b66ff52ba6ed8375c4b7938eb5f79ca42701df07a9b5ba73ae2b18b848adff3aecd5bd3a52b6261a

C:\Windows\Logs\DISM\dism.log

MD5 594c5342f0c000fe261fe9c44b4a9288
SHA1 f2bdb6473ccbb977392640f52bd4980169daee5a
SHA256 2cace055f9414670a8c29b81d5c9049c64e8d3dab33aa2d23d5bae5e65c32f05
SHA512 a71f0ec94ee57447b0795a8c2ee1eeac39cb8bfd3db02242123ae413a0274671d3a35c6ebb3c3e403981baa3487c519ccd3c2a7797b1abd94313b591bec9a4a8

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-delayload-l1-1-0.dll

MD5 d030eef92ce21da51982b638a20298e2
SHA1 2aa7f0543ec3ec810f54f52c7892d65ddd99ffd2
SHA256 5c079c35b6a159be9782f9d7afefa66715e3ffb3d118d684e07cc1c40efc3fe5
SHA512 cd65c19f9b74a72e91ec029722b18e6866af6f1b3a9a875080acb52f277cfdcdb2c39bcff215e16166797a15f0e58499055fdc19894d76199cb5a558cef94f05

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-file-l1-1-0.dll

MD5 b2d93938b34fbf59ada9dd5344f71c20
SHA1 e1d70be43a7857fcfc5de39037d0dd67d34842d0
SHA256 92c1ad8edd36e04a587452e37773bf40acc7be35e110e43fa9d11e198eb8082f
SHA512 d48a2dbc32def408de7deee7fbba9d532f495dd013d64469418d64423be2037dade444796eb26f5676c535b27c678c39ff86fd9f1305e4a8cebdd51d16384869

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-libraryloader-l1-1-1.dll

MD5 cd982e31c511c86bb0628950da4d8303
SHA1 ab300641abaa150a324618ba4ae2d37fcdecb045
SHA256 136be4ce4b4602fd195fd051d804d6f1dfddd50b347d6e1581d02234a4781f46
SHA512 57f4512e85383ee4559a600767843b1890e8caf9e556574630c445902cca3ff4799d3290a0f72bd677aa2ddc899af5ee11bbb966f4bd586642f9bce593bd0451

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 99a1e08bbcfeeb97bec6b2134d5b70ee
SHA1 e7da23b2cfe2db8a5a676d065f63992bed0403b2
SHA256 8306019ee028e25917846e27411a9efe872d363afbc3619fbadba959241eb368
SHA512 4e218340f2bf01b8798149ba13104d7adea55ba08d9ab95a81e1ff698b20b1991d1aae584775ed5cd718504297640acdcb863e0ccfd9e9e347459c8d337be74b

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll

MD5 2280220274965c6cf0b2063e118e77fe
SHA1 a3fb39c74fbec9ac3f7852544514b320c8cd7add
SHA256 09527d382d4c4b0bf4bc7956d448cf0b0b7e0256f9ffc692343a937cdd1e7990
SHA512 25071366f3d4d56e5bb7e5a91206b73de7ba6cd1494b1d97ede96a63b4776bde2b23ebee9f4837eadc820f0d27ec9949a7fb28edafcba7e2a531098931cb22f2

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll

MD5 ac4bb6a07b1774f36c7b35658970950f
SHA1 2733a1dcb45f7386caa9065a472e327563f0f6d3
SHA256 6f8079936682631244f1bb827d75f401c4620145284fb1e2296b06c8020b3dad
SHA512 ac38c5e457d6cea174f46d9a5d4757a04865976d2960d17ef19dec313c9b90fcb7db2cc22b531816934688b5a7bf86ef57749ed4650a09ed325f48eaf5cd2ea1

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-kernel32-legacy-l1-1-1.dll

MD5 d2206a386a018164f8356da4e4b28491
SHA1 da8b49a5cc25a62973859abda1c9321ce90754c1
SHA256 e417a1dc52bcc65c9ab7d7103f7b5aeb542683662e2eb81a62214a783ef3c119
SHA512 17dd2b8b1ab5df03d7b7b8415a3f731760e09749971247f3613d202c82746889a2bf22a31c679fd42e7bc3f9227ee69a724c3d775e11fd0d9ce7cc42f716044c

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-kernel32-legacy-l1-1-0.dll

MD5 5697347f82925a92ffcd79baf1ef7f70
SHA1 03a3585e36f37bfe582783df151f0423152ec42d
SHA256 354602a889f9080628ec5f42f0e5f1dfcb2bff0d3d1380e677192a62a6a0a38d
SHA512 6c05163a3e4bd16ecd6df15cf4a824b4e4c42342c5d71862f4c651707cc8e6c212bfebd227e2a724e5f599f4fcaa4906b75f0297c9fd322359a785d0867a0e24

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-io-l1-1-1.dll

MD5 090db88a045d0bcff001ce3671f56097
SHA1 1f394c2726b3b68c49dfb180267cc28c60b0fd7b
SHA256 3727f043e8fdeef4cc21aff12928228ac95de1d6290e14c6aac13cb7be31aedd
SHA512 e5de47efa25756e39419dfce2f3d4f9ceb0f1ef323d4220215af43951d7ac3c412555ed19be825fe5238df1ee9b5f1b2b38c27548a7fc4f710f209c21a451489

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-io-l1-1-0.dll

MD5 b3a00ea6ad4e3362798d12da0d2ef711
SHA1 c171a25536c2c9e8cadb549fea705369152c9c56
SHA256 cd85c48d73a4d2ef6e7d25e69050ae3c5f12ad10d2264a3f30e2be52c8137f0f
SHA512 078be76aee9fe0767fe8afb6337b5068d122688524fbc833a985de87285cbddae176ff8f44b48bd8a7d9148e5c2c085baef3aeea3b3222836547858d38116702

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-interlocked-l1-1-0.dll

MD5 48d8a3bd4080743ff20bd931b326b9ff
SHA1 eb99b166057a698d7b27fbdad796b911f672b055
SHA256 cd9d4b07efc67b783a5c7704e90608a228d8acf7c11b38251f8b09b39ad96c20
SHA512 ffedacd20aef352d1c215150edb4c1de8310317bfc53b1a77bc19603571f978339ba02d60855d9e4acbc8ed41fa9d5e8df9cf586f3aa00cb9f23146e99865133

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll

MD5 4b07a850da9cbedb5d4a172201c0474c
SHA1 ffd6213335b5085bc72b12a1e26c005cacec18c6
SHA256 dd03abf3ffde8a55c8a803cdd64344589b3f6bf8b38f73049c957a4bc734bb3f
SHA512 919fc3a0fe468cbe058933f74e29bf9094002989715321d1ef437853ce287bbc942471c65aae59fa6f02342aaae4e16f55acc57fcb7cc88b903455ed116e8f58

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-heap-l1-1-0.dll

MD5 56e263cbf158e7da598bc7b5c4b2e3e8
SHA1 99b5569905f341b2f3b356138da4878b9cb1da7c
SHA256 bbd2e5017be5efd63cbb5613822a44c09fbda60ae4e5fb9688ee0e36d2c2d5f3
SHA512 d61f0d85406c82e949d73d798d799156fb076659a74a2526ecf2362ca620413445bc4e0cb11bfd54d78aebd34994a94b1c96b433cc85c3f2f6b7fcf374aea58a

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-handle-l1-1-0.dll

MD5 38787d38ffcce319daa5888462b1b012
SHA1 fbe8ef772ab176a843ec39bcb6bc98291ced784a
SHA256 8e6a116757e589e067296831a65621a3fd8f4cb7c8b78e4fa8f45158001cb9a3
SHA512 5f5539fa4c1fd335cfdb493007cb65ee7818eec6f3e97da644c9ed6322125f83e54a7d7a9d57b54d4f87cc437b557198b743bb3543da4160e3bd64c195b646b6

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\API-MS-Win-core-file-l2-1-1.dll

MD5 d8bd036bb29c8fa2c1f2bd5b109b5074
SHA1 67b4d54d1a1f4c4b49cdf4d5ac7f6fdbd0df74ec
SHA256 8504e26cc213332a68c46f3b1cc36e9fe6679f17bd3327791863d23240206c2a
SHA512 599d0087f48ffa1b99b4a9f7619f75d1ceb4f6409a7e770e2e0eeb3a6578de9b42bd11d9e90c778215938a8b14a5b1de5285eee719f13f5fed7fe16d43196e36

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\API-MS-Win-core-file-l2-1-0.dll

MD5 94c80efa2029dcdc6bc1a3504ecc42be
SHA1 edb18cbd8166418b57e228e68277f5cd7862763a
SHA256 8cff0a47d0abcea953007bff2cacaff53030de7a34eb3caf8ed55a0ee7559863
SHA512 974e33cde77228755faf734e9c19febb8d74dec181ee1393c245ecc8bea5fa9dba659126830b57364ff562004516c089f8bfbd0259edaf6079daa98b255b0506

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-file-l1-2-1.dll

MD5 2b8a00f41c6fd4e535f605b0398658b3
SHA1 23fb4183e6f0a23197137c978e9f3e0bb30c17a9
SHA256 ea4bb38ea3f0eb6fd9a2b56a2b145de40b954db8e007913f4084717b0940b043
SHA512 3b75a90653b6ed10455174e928cdd941a186e988c3a6273e19bd3bed9ad290b50fb7961e128f0276e7b880de3a953df3934fb14bda86aa42828bb9b76323e091

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-file-l1-2-0.dll

MD5 fdcf01518857c9f531f325cdc280e998
SHA1 dcf6fb0df43a41b963aa9e026620081723ad00e8
SHA256 ceec82007183792bf7cd31d5d2d0047a2a91a1cc987e61ad888caf05c29a5a83
SHA512 c3ffed97e2a794bd1fad116adbfea9c94575685ee12778c18cfcb012799df212338cf88f833d7b75fa6b939eb19da47483f7a071b30e83c5f9d960900303416c

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-fibers-l1-1-1.dll

MD5 47928bc8607adb34157ef396a74b87fe
SHA1 f0b569f2f616a5a54805448eb10492ca625e1ef1
SHA256 316121a1402c7582fcc54154cd5799fcf2e13df9a58d21f9713d6cb60a8734e4
SHA512 32e05f911ffed0c7ef1af2b877683da99fe588c11fcb3626ff356e70dc78095adc761a96d294470e60f2d34e123541f5311f813904c66f261a8bf2b564f80d24

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-fibers-l1-1-0.dll

MD5 35b1084f10c9cc8c0d77c631481975e1
SHA1 3a9d92a0068eb6c1a502551bea38aa020aa67118
SHA256 4f1b8fadb782036e248aee66ed1df824ced7d283aa8185852e9cf984a2679fc1
SHA512 d19f3daf7d05a9a96cda30778adfaa9511d5aaeef950ea64c1ca480d6c915b04907930470e00e8d55ce003f26ee9457cc8c848facb4798b98b8e6fbcb7d3747a

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-errorhandling-l1-1-1.dll

MD5 f78e90c2c006848d03449d07b9ca1394
SHA1 615da7aa0f8df9290aa91246e31a2e57eaf94609
SHA256 0265ed365a82106c6b52f8302b3ae12eba190ed15e0583d7effe8069dc8043a3
SHA512 adf71a91e899ed7643acc09f24f3bba48eec1f9a0d17c569c93e4359b85843bc0eb944a3bd0c4b2e95556b91d02ffd55d7e1edaf3653ca17c51cd0011e55081b

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 5b9477310b7bcb3d6d89530ee43dadef
SHA1 4b34d76eb2e0c92fd7f9159880103dbeb16e8890
SHA256 0c80fb25181730c8e8ba969711e62063cac7a0adeb0105aa30ebaa60069d43f4
SHA512 3b27f0e55d656cfd14bd0d99950e53fc9bbfc3b099b962326fd3bba80789c70c2007cead96cadc75c2d09b550cd994724a221f9549a790974d2aaa29e29ea12c

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-debug-l1-1-1.dll

MD5 2d957d915f70e6c3c3be0ba2171a346f
SHA1 28f6cef9b1298a6d09cc68bb61f5651938b56fd1
SHA256 5e660d972e0713acbfd03d27e1f49cd1250192f81d3c441734ebc427cc83b7f4
SHA512 72ee688b0239fbe919642959e4722bddf3a3a18719cbe7725a14de75759a3caa2f72e29f8b79aff0145267e73a11298a0e51cb5b6fd721855028bcb28bd2de81

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-debug-l1-1-0.dll

MD5 e253885dbae8902784a506b3b40cbe29
SHA1 f9bd90befcab0e7fcc5a39438cc79c227458f066
SHA256 e3e50ee0bb419a184a3657eefb88586c85811b59fb3e26ffc3d3d6e1c6fe9888
SHA512 8ef55aa95685d94a70ede97d8bde0d86e479e8e674f7ea2cf6f46c7b6b29bca791ecf3f131797ad118df4ceabf75a6d7d045a7d5a394c76699974364e084fc23

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-datetime-l1-1-1.dll

MD5 9c4f4e8d5e03807ba68ca9ac8983dc38
SHA1 54301ad7b74d54355ff192481e89e68051757eeb
SHA256 76f2e1544670c98de09494d5ee0dda1a8bf18fd50a4e002af0fcb7f96044e634
SHA512 bc7ea5bb1f1f18569dfbe16f84cc33023dd780bebda1135466486df8736b4939b434d408d57d41ed1cb513bf32c92841d5f1f5cb919f623e0a0bd635c3e33eec

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-datetime-l1-1-0.dll

MD5 2cb1786277eb98350fab3362d76a3f4b
SHA1 59f5feb7021c17f5c1472bbda4b6e83a0261c678
SHA256 62e113e41ec298207a9320e231ea0e0b046dd938f8f1c4bb53a0f4662df9cec2
SHA512 3495ecb47bec7879597a1ac7bed58c88848046b771b27f5fec5749d84acea54779f4df1208cc4450acdc77cfce40f2fdd62a1dabda4cccb54597e66123121b4e

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-console-l1-1-0.dll

MD5 a162477325242991af4fbd468a8a6d09
SHA1 2af1413160ca44f161bd10229a283a77b224cad2
SHA256 93982881de73c66d048fb440b782fa07ef03ff97bcb63364d861631cb20fb67b
SHA512 d11df4fe18c71fe6767617412272a87592bec5e0604cf34cc17e3698ccc196c0bcab71789c06f538cfa87d5d5c02fd76a38d53464da4dbc5220587aeac2440b7

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-comm-l1-1-0.dll

MD5 22a0fc9eb4ebb04fd291dadbaeb01863
SHA1 4d932352d0e04163298bebcfd2fe829ee0667d33
SHA256 bdf2c64799df36b9588ef4ebc415ea1d717fb771513014d453aa0422988cdde8
SHA512 122bc8991b7d56c070ae0c987a9598773cf167d3d6aa257433e724e3d10d353466ea9ee44cfd125519a410703b65da9580510ad17e44d2f8169d8769c6f5eaf6

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-core-com-l1-1-0.dll

MD5 b4000191a951302105f0a61efbda6272
SHA1 87b9ed3ac565b8f99ea52c08cfae81fce047261c
SHA256 b6b380bccd43c76d2acbf1a76d99f72c876cf7fe584c29da30f7fe0af7f99ce2
SHA512 3d4bf2821f3d79a37308894a470c68ced8fb9d307c3d5928be7740e5ba8591b3565880475a7f7bfc74c107e647a8a450dcabc99c5b9a763b666006c74b83a8a6

C:\Users\Admin\AppData\Local\Temp\0401028D-4158-4A49-A454-7785DD914D3E\api-ms-win-base-util-l1-1-0.dll

MD5 b8145fcbceb205515aa2ab68b67b6cd2
SHA1 0e360d6f478506895cb421c75507d92087a12ac8
SHA256 325f1ae552036a2d99b4bb72790e81b9b2189a9e11a10533536558852ce36de2
SHA512 ef062d3ae24f972f3c433d4c4eaeee6ff9bea5adfbcf8e5816e488f18845c296e4e784ec6d9a5e6803649e8baf29e9b67d9f98d597d072de9d4585219207311d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\8D88ED7A6AE6A02E71FD2DD47EA93A07FE680FB6

MD5 5ce06d2e5f1b41c63826dce731e032ac
SHA1 dc9bfc000852eff8c51853282c7549930df30792
SHA256 0c831bdc57bc8db31bd6d2132e534cb34a672ccd8d118f22f860cb5324239a25
SHA512 78d7212e7eab3ca251e7da826507781ebdce156dff11d8d560ca5075854c3288cc2a7fabcd353dcbf6a97e513c8a3155a7d09b5839b8322ee31c9f8d21b035dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b8a8729b8df4bfb80c844b2b22c2e220
SHA1 236e2f8f82e11c63ce85196da122bd61b94755ba
SHA256 f5e8d0612500407c2668fa37c8ea08aab63970d125f494454ea13a7231fd1833
SHA512 47d4cb58d7aecee6e5ef1b0952f13b8419446ef0d367e5169a95bd62f7d247a5b7f95273cfeb75f2c51506477367541f50a60d0bb0859a5d9fa65f8ceb927717

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 143ce565683f6a0ee87212ee65f4422d
SHA1 51f6efb44638c4eeba422ae3751bb4c6fb9b6f07
SHA256 a7d0926d665b3e438edbdbc6ee142a85d41428b1e157f3743dd9a2bd026e0dd3
SHA512 79aeed42ac4f8c5a7a16a340e7ff504f158bb0b9fb6caf88736cfd701caca8b7c901644bc3e2481c9ec4ce382992439818e745c0cec8a7ec63a5025d706eda23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\17724

MD5 1be4bd08897facd633d70312cf5cdf0a
SHA1 d3b90d7a69d18c135b9936466d0fec04d20fc3c3
SHA256 0315d8b4105b5d9c03f96c14cf0a8a553bb044a21fd32755ef986bfb8c676a40
SHA512 fc3adb0ec558424cb62702e500be2a03eb34560bf8d31478a5a83e10b3508a545d6358fde39d00426ee75c4a65a88098eb3afa23854e5fecbadaa9c1b61647a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5e9f33b00110eeb8663819bd64387c77
SHA1 3f07a7fd394b9f686d5ae8f2669ebc538bce7c42
SHA256 a173e3cdc07530596a372cd061de5949f0fa1f1e232c1de814443abc24b37edc
SHA512 d8bc9f7a3dbaf6f82acae597d4402a56ad14a4111302f6c267c8f947cd7a7f5f809439339b51155b7b0bd5fce73d3f872d07d309abf38fc1d92087ffe7c7009f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\24958

MD5 f5a499c18843c23fb217f6c67d268542
SHA1 d4283f0dbcb2a4ab42b5faf0628586d878866f08
SHA256 6e87d237ff4ab065d4c85ab61437dc820181c8151dbd38be44f97cdb813a87f6
SHA512 26c4160642e69924da2d63bf308029e86320757a9a0b929b64e27d0f28dd7ee89e527fc847d77f95b628c1e3fb75056a474a6ccefb41c0c7e5d2cfa8395ef462

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\8464

MD5 4a5023631956b47e42b2bbee1a402a72
SHA1 87e4b3008c312871bb1af03686dc424d792a66fd
SHA256 39abc41d49e6bbfb8697a0e6b8355cd8ff8fb748e9ddfc34fa6fac4a474b180e
SHA512 64e22e5eaf6a8ed71b431748a2c4782c00dc56e6ca8856d39c2a26f0260766a8dd273ea43d1644cc8858e0d5e653e90f911cc332ed800b5ce243be825f0b2bda

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\25039

MD5 0d04945dfb7c0bcdcfc3b8efcfc733d5
SHA1 f53dbb9dc90721a68e07413165d6ba71867e7253
SHA256 c0375d715ca77d4358bdd6b26a2cb41a757c5e4ce8d7618ac1ced6ebbc7ebcf5
SHA512 4d779aeb28716a150cf0a485d8f53644bb17036255bf9958b44900371b456a75e8e6a49dc0e82cce7b9f39d0841f97730f5854b93ce02a25907415093154382e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6de5a3c76ddcc6d83344f4b9b2aa4ea3
SHA1 d9d45ecdca63a64cb8ea3ecab89d4d1acf330a2d
SHA256 31c20f2e030e2012aa75dec8b79c6fc57115e9fa8242622c4648f76b43b0bef3
SHA512 99980611d15ea58ace0adb0d858c9670df649e58022dff2fd0b320d20806b79fb76443ea157e62e62d3709051a23cee4d8041c8592f72cc6482f825f406c6eca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++vlscppe.microsoft.com\idb\301792106ttes.sqlite

MD5 fa814cfaf827d617750bc1974edca3f7
SHA1 f2095f57ca57f9c28fe47f2f90e6e733986839de
SHA256 11f9644ce871007d963958c1061a50acf479a33af3c05cc5533d448966aa9f0c
SHA512 cb9154603bea468fdb70006d6312ccfc9d71154cd1a9a6ddc16e4a4e4691e8816b80d1e85a3b02634fa0731ea72d5578db1b6f21aee9a9fe85bac056cb9329a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f69594eab5d49b3584ed6a863ba7f906
SHA1 0f22d72c9365ea64cbd12ef222de526e6897feef
SHA256 29f6226b0ec48866188acb2d2ba35646f808a4798d9f7564618f7a34fee1f866
SHA512 962495e6bf8a8505b949c9b33f2771c86e630da4dcfdffa89148c67bb719045ba40488242b2044c25401af1eb218dfa561cc3deffc86080afc7efbfc525e8206

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 450a376a836aaaa8e36e47063f7dae9f
SHA1 4843ae96abeeb32795c9cfae4a16934747b74121
SHA256 a2f8c5cf3cc0f6e604dc3412e11928b91fe582ec7744ad16d6e9e2efcac1f157
SHA512 6c82d41b5ef13a6e456e648703becfcf317a1fd0b60a98f17d2b6aa8a40297bd5f691704177579c141f8f0512f378cfb01eeb6b84ba40c74c293ebb77ed1e04f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 67c0b65f48cb4495e135984d93e56e95
SHA1 dececf0d8ab159694ae7e689c838dde0e545d3d2
SHA256 5b392bdfc615f28d85b9d49324b1ec1ad5cf2f85e883268c6f1d499494e6977c
SHA512 d32fad0d2895a9689db43dfb92e804c39113b34f4eacadfcf6cfc10202690f45bbc8cac4a3e3f5ef43a80e22edb2c8e13c1f0a4295d61b2d29a15b949fd6768d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\jumpListCache\aUBwqp2ovtfm4kbhINtjyw==.ico

MD5 c9da4495de6ef7289e392f902404b4c8
SHA1 aa002e5d746c3ba0366cd90337a038fc01c987c9
SHA256 13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f
SHA512 bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d73c6adc1fc3e702f24099ccee63bc92
SHA1 4caf416db918cdd80434ae86edbd9df9b97b140d
SHA256 4d04329128705be4f7683b3af82334907ec99fe4b34c8d50c272487d310ee603
SHA512 8e611efb5ccd40bc0b36363ac9c6e25aec6f07911bd22fefe844756061f60eec7881e67082d60e074d8d73957217ddd17a262338078d8ae96d5de8f7df9f2a82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 513f18e64f63f9fd9c984dbe5abd9a9e
SHA1 c0c359434c8ff44d0b5320330bc6766057f4ba94
SHA256 e8dd4e0d7dd07f2a502d55d5f14befaf026a5147ebdc074ae97ebd4936c9ecd5
SHA512 1b89d258012f8a2f05e4456604f5e30bd874d65f77afcc7f2fa3355f74ceff954d238a4dfb2d391f885266c707b008731ad1218d1f5830447d1d0e50673433b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 7ba7853f2a6ea2de4c9fe47fb2ddfe80
SHA1 f6c98cc75786b2469dfc68093fc2574dc52057c5
SHA256 41ead921cbad6707d8b71b498d102253d22a0df135aeb8a48a02a5d108725a64
SHA512 ed6fe7b316a590462c4922e1623a4f9e6a99209bd91080e99d9f8c975f88115ca0bfe6fb56d4736bdbe249d98fd9b3de7655060e82d6e727085e2f597f3cca93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e01e74be29fd94824718994b530934b3
SHA1 7f2ad51a0892fd368d4c8ebf409caddf989e73f9
SHA256 83d62fffa77bd11f34845e38b914fdc804b8dcfe00b1e59acb2aea34d74baa35
SHA512 2c63cd208af11ed758b3d9ce7892c07a062e8e51721c48d50ee0fb435ddd739f75be04a05421856127e6580438e74b5d0e3b69a9808ad3ab550568c9df981901

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c3ec5e92981f37c7ce2701b80d9d8e81
SHA1 81c6af0dd223ab7380708302f9a13d099ceafce2
SHA256 700792fe7ee4e4d78b313441f2123c61ad35534f21b1d37e08e5bd06263dacf3
SHA512 c4694fb79f10d1ce69d194cfc859d37b5f687370ff851ecec16fe2b4bb74754c28458dfe9fef00b9014f91840cdb5ae081192964758c0d348507bba71296e9f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 107521c7f619932fd935670ea946084f
SHA1 860e9b48c580e30c567faa0b2155e6e3f132cd40
SHA256 a45fdf83d1bd151477bb012a2863d00548537cf416e539b16e482efd2c53f0f9
SHA512 0b347d21abee0dfcf0c617c2c392d3c18c33e9958dd4783d661b288712bf0ab79a38557e77813f5a27b65856126a31cae5c3227e345843cdfb195ecc380d91c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fbd97aec9f0a266dbee75ded9850feda
SHA1 984eff554b0cbd3a3bc5d827a0c63a3322f10ad1
SHA256 36c8de5b69e802a51ae55538ec6d39216ca7156a3d44a31199faf132b78a256e
SHA512 d1ecba7c72d6db7aecbcc64f5d5287f8e87ef8e664d5bebaa38d61df5958093b5a28dcf63f5d34bdce01c50aab5f3c9667cf98378bdf1861c6dbd80657d17c82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2cfca9475d8b59773990db4ff66649fe
SHA1 5901ae323efdcd6317e778421f1c73f8d141b786
SHA256 775e4fd216d36cb5d7ff7a172358628c46587bd4fcd20020dca57ee44ca8a598
SHA512 2b9b49121f4fcb0b4daf85141452a32a2c3203d2f453432085bb6d70e26d18cc9793041a42d1c3d7aba1852773ce44de070babcd911d342faba4c574920f5cd3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\8f3b3bcc-02a1-42ab-995a-066c17199578

MD5 adecdb26d6848185bc2aba32db0378d9
SHA1 baad11101e31b24cfd0202c817762a9c6994fb55
SHA256 a65b5544b50c4f682d8a62245840522e0e711efb866c2b4d325d05c599919d55
SHA512 1db516b7c920fcf710d21f607742ad40664d6621bbae3743efbd95f9ebd0c2027ba1cc7cb17176edb0ab3c4ff8d18fc40c1763034b779a7441f41184b5a2e327

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\693c93be-4630-43fe-9049-d2c83f7cd4a1

MD5 d8523a8c5af739a496074f4fdd1ffd71
SHA1 a3f611f5f711414342556d93a66755dffd42e25e
SHA256 6a603b65b264e012b502e595937b7797862775df85f078a04b72f0cd04ef365c
SHA512 1481c5ebe7a84b1c48967876bd09a7b107430fb6065ca564e51e377437a5c46d0414f12c2786eb039d83152b05754d380b9cc37fe3ea9e444d33aef2c0a47a08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c17159d7bf89975d4d607e4537710efe
SHA1 712ccd64fafa8d559e91cacc93c312e7bd49bf64
SHA256 15eb32b9db25f020a84b8a2b09eda4a6d4e6e1e82cce0f3272d8867afaeda733
SHA512 083265f2dd79a14c0bccf6f3c8ba028e2855de8aa29c102894e2694518d9d011b47985adbbe118aea207d90832f74f1c47400d7006ec933da4e245b6eb92f61e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 28dd3a634bed3232b5e79ccd327b229b
SHA1 e64bd3bab387524b0cfc4e43c0fcad804221dd26
SHA256 38d9bd2246eba76593390ae17e4816d2de48888755e9de0b297445225d8eb3d8
SHA512 df45ab257f6df04619a9d24448bb563c49ccc0790224635c2c05d0b12eb5de6090a581affdcc8b29d96efa8c529e00aa743849648361cb8ea4fb81d36173604a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\13596

MD5 420c8c4abe1dd735e02bea065b361c5c
SHA1 6f96e9d8b6b88343d0f5fa722484ea9bd7ba7b5a
SHA256 4c9448ecff74291a2f004cfb93308377732737280d821e0bb799fce6c76fb57e
SHA512 e50b11f0f994c83aa4947e793c7d53478fd2cd5e1069bb480324664bc4ceed3e699b63bbfea1157b9c6edd30dc984751233c850849e6f527e61e0774e79a98ef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d86bcff870d568c26cb3b13bc08cd678
SHA1 a0bf594a966859c1e106427d94df29a730ce79cc
SHA256 ce4b4704bd768538d0c62bbaf44d6b7c94e3cdf9420fceec57a4dbc106ec745a
SHA512 c627bf5432bbf399fcc42fc90d5b113385b959e2f474a766e197e1ec4965b8c288b44d8afdcd4fdfe59a8b3a18332016961a6cd6498bf8d562fa1d8f88c27b76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BA30A8866A8313A16394DA2599448520494928BB

MD5 75ff3b4b3c1ea7c9ce2faa8aec32f619
SHA1 872c55b0c1ebf9e020d43a2444b0b65cd4a270d5
SHA256 e18af7970328e7202da730697fa6aa23dc0c7d87b75fd92e0f3f49778b48dcc1
SHA512 b1045957d0ecf1a9b7c348dc9581467f13ebcd663d1b18db426e37d29e9221f7600884c5e0e163d81763c8316164b98b7f1f41440d9094b350d746f37bfbdbee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\3B6010BD9DB5450F15E0E1E21F7FC3CF09395079

MD5 6ae1034c49145fee1dd70659d542dce4
SHA1 c8ca209e5f1b0553c639df8e9c0bcfb9cf4f6503
SHA256 2c59e3ef23a791bf9b287001fe21e5d465e1b41d7b0de3209aa9e131d39ea49f
SHA512 b346771a01cd77b296a71158a2d3bfbb3c52ac6a4a0b4f955f382a32520ddfeb742dbdae68cfd9f1b6986c6db27fdcf0377a38bce3a7531e7a6cca4a7b054741

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\8927C1EFE8F1AC9B69A60F172D098CCAEE2E5723

MD5 1c082e8621fabf87820ed5a7e82c53c5
SHA1 b5a9464e6701bdf4febe8fbcdb3ce02c32daf934
SHA256 a28825596e499610978c15332234aa983c79db38fa205357cc96869d3d3cd272
SHA512 b276338c9cb51ee7e0e1f8d1e47b03f1826a5c7b5c344d63e27733e5a7c0873870674dcf09985740db90d3e22c4e496a63759cb1b1c68885a14228710b78534e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\1128

MD5 97fcbe5728589b977049b0a1bad2aefa
SHA1 0313cac1190380e80d12716cbd9d1cdd6c6d61ff
SHA256 b7bf3036c97e0a3e7d4a212f63e545edae19e11669df5a27e014631b90297baa
SHA512 93c53b3bd42f4a568512011c7ab85ba38a91e074d57a835702640f5c0b1d5e6443e4e0e8094445f4bdf6bac58812bc0fb10ed649266defe507e3a0ada0e2d016

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\47407BACF02492D9B14305D434F53D138608BDB5

MD5 5cb1cfdee5c02be1d8f87c41e5e6657d
SHA1 435311d21593aa6f3dfd4d5024dc7432eceb496a
SHA256 381b2a9cbe6bad0605fe80412cfe1cb3c33f954df84ac8088e11a46596d14c02
SHA512 64b388aaa1635d0ba69b4fe8e421929a71081562f9ead22d30dd5b0816e151e01fb89841617db98657b0415e80fe92ec16b784a975f2f8b3b50c92dd4a8e3887

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\E3CE568CF43027EF1C0D22D482E4AAD5D66A470A

MD5 e45b91369416838016856975108a131d
SHA1 fff3df5d40852a5a2311ebb5f5ff48ea264a5a08
SHA256 ae2774026278ab54690eb529b386d4b93301de1cc972c0f45a76e3313388dde3
SHA512 7cabd78937ced2d0f2b7363bb46ae07ac705428004337dd615534602c9d3bfb39a471812f92ea5b7bffe20799450bf313778875a0d371d5f6b25183dbb7dcf6a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\F2BDD219B9409DE3AC3D6C73B4EA04F9CA54DFFF

MD5 a706d1e5002e5c9f8822d98c20a2ba96
SHA1 3f37c63f8a6507ca254b91300fbc0ec9a21e764d
SHA256 80bf7479e4b01aecf8c155333575d5271bd8a204932aec1ae2ce1441773df576
SHA512 c05e9f79c689c016c0cf60816df7f92a4eb207cca421c1861ef9adeb26b1c9e3e22c69218fe65c2b58870f4bedf6b70d757c72dbeccd0b84ff46a22e772ac547

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\C7F27F1B728D8DB7CFCCA0B5822E7997A8F337CE

MD5 5b87be624fdc65dc8577cc8475984e57
SHA1 7fe2852c9968435ac045e82c0d872cf9cd7c5953
SHA256 980eb4cec8f48b031687d513f7e7bd3a1878aa015326b39fb8ca263903a6894c
SHA512 2371b91fe4fa8758a0099052156b7ffffe2276800573f2804f27ea8a3ddb150733679ee34bc13bd42c53e7c7f00609f7da4407d82b2c4a83b37968d73a4b8037

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\46363B5291B13C1C6CEF012861BF1D47DDE5359F

MD5 632f5d410f45d2a6cc21c51486eec1a5
SHA1 514b8ec282ec147d9ee46c18d96ca072ef84abf8
SHA256 683487d905fc35771705ab99ff99910ce9630979c54243906bbf93a7fe1266a5
SHA512 cbc95ccceafdfbcf486e942559bbf0f98433a682210762773a02067aed897c81d402ff7653119573cbded184523e35df134ec0f06d8b9e5cb631c303ab3043ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\646829319C67DD4727104CB4F8B6606414E30D3D

MD5 241804d41146dff4515232d2d94f3b59
SHA1 a83386745fc95ec28f8bf6f5507f15c3df15c078
SHA256 a740ef79c63b9d66578b84089dc75a91da146db62abee230d1c9b93302e48354
SHA512 f2e9e059fca830f3f1e583d794d55f40ef0b3740dbd565ef0504ea3fd1fc5503a12b52dea920775fe5ea0d17661a06dca4203f6950c32f0448715be104949f33

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BB02C91B94BECA3714B2715BC1EA011A59503C62

MD5 6d1cb5f3f26e44156699b54fc49df6c8
SHA1 e3ae93491b549b38f0501142f483b03008014f60
SHA256 0997d1a3132fcf37dbf779a9c7fad41e55f4affcf29189173aa394794a52e087
SHA512 6535880f0dccfcacbf7539eda127ff0a44e64178df9a6d3b59fb90981b854e71299ba5e4611c6f0942da255236f2f3d3d2b0b1c5ab6926a1758b4eb4f31b31b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 c2a3cde2cbabd017ae35059aea6081dd
SHA1 ade243affc1af2bb3a3d9295fe908ed6e5b09018
SHA256 cbef501df050ba897ac13cb5f8a41faaab5f480ae4d4e60a8bc85a8f49c13427
SHA512 9097b9ed67ff51ab3af559bf96fe908136ac1ccf461ce9dac63dc85caefec95ffb3aff73c976c9a1c1d5ee993e8195b36562765eb5e0f11b234b83bbf94760ef

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 2f25a4c87e83a5d6fecf93b36b6f6cb1
SHA1 530cf39f1d3d32739a5b15533eecd37834fc11a1
SHA256 d16c3b8888456d07ef42378e7ae5bee1aae50e9ed4ed47109c4a1729d107ab80
SHA512 9ea116630913fff6a87300a42e23c054f2362fa67656e114128f4c151a8103ede2a36e4dd42feb20c678d23882d004af8ac0b0efe3e5451134b573254f065007

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a6236998e74dc6fa457d89cfd47f52e5
SHA1 f5e4f84153938f64c41ab0ad57bac9431160ef11
SHA256 9d4efc38b8bdfab8d1bba3b457e56ce8a0c9e0a388137c1f3b1089fcfecfb442
SHA512 96f7835ae5afc42c5f51030618d916e4b47a242285d90ee6652cd2fb681b98673b509f53f3c6416ab1a79f985d8a8b05b471f922998afc27f3bcda5dc23441ee

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\TBGetRemoteNetInfo.dll.manifest

MD5 f45fedfcce4a78fd25ea62ce9c2f089f
SHA1 ff2f255a5a9342f3b494b96bad04f3687623f0a7
SHA256 355f202ffd0106f6af1810742223cd92f96a63f0e4867d963152cb52b171653b
SHA512 01740f858ac78561f447710f00590f160e9faee7e7ac085ff4ccdda0ac9a0147bad8c810f52ae78cad13b8dc81f6fd2869121beb3acb3bbc04a48861bbfb59a3

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DriversPack\sas\xp-x86\symmpi.tag

MD5 bc949ea893a9384070c31f083ccefd26
SHA1 cbb8391cb65c20e2c05a2f29211e55c49939c3db
SHA256 6bdf66b5bf2a44e658bea2ee86695ab150a06e600bf67cd5cce245ad54962c61
SHA512 e4288e71070485637ec5825f510a7daa7e75ef6c71a1b755f51e1b0f2e58e5066837f58408ea74d75db42c49372c6027d433a869904fc5efaf4876dfcfde1287

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\multi\res_ja_JP\res\TBEMLib.ini

MD5 f79221b60d91d23bb8bac4bd5bc49623
SHA1 5b690f0d38abd5e392f78330014fd728af351082
SHA256 be04940e3ed42da1ccf5280adf1491d67b4701761f911253fce39ee0a984a988
SHA512 4e92a410d8137762b362aad1a3d4f3db2ce6731c933a60b001da22fe24200db41f8f1f8e5469776a31fee007e8881ee999adf4dd0b76fae797d5deed8da47757

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\x64\easeusdrv.log

MD5 5f4d20ae853733def9edd92c0ad11d4a
SHA1 6dce530746c31dee82273ce8647bbd84fbacea51
SHA256 4581139c9440d7db5c1fe330f3d5af881adc48d01838cadc59bb721bbe09e8c6
SHA512 a77fe4278d4d4c1cc637bc539d3c991d2ae8a753d5e150c7d349f2a594b3dd606c7ce406416cfc3d891695f831fed15e5875dccfd293b7a98958b7ac9119cb41

C:\Users\Admin\AppData\Local\Temp\nss519B.tmp\System.dll

MD5 b0c77267f13b2f87c084fd86ef51ccfc
SHA1 f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
SHA256 a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
SHA512 f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

memory/1776-8530-0x0000000004290000-0x00000000042A2000-memory.dmp

memory/1776-8541-0x0000000004890000-0x000000000499F000-memory.dmp

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 6a5db3aa309f56054c1d6f4bfa43936e
SHA1 b5342f1345058008831ccd8208226262c2896799
SHA256 8464bfe7313fb38b924e044e41358b4eb856d97fd62e127d2f87a34ab790551c
SHA512 03119e9da2d19373d9ecfbb79272b23ba6fb3e380f95e6922e171bc614264d919e9b832b6478cad4b6cf20e513f5d034ac8c6cff777ab9d8afb3b66ba9b9d2c1

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tmp_log.log

MD5 882acd37f9894f56016f2d9043832851
SHA1 6c85b63c478d05c1b8e825279281e6d16e13857b
SHA256 97dc18a7960ea7c1d7c29b41820934d24e1c3804f1a7e305809b8c904d3d524e
SHA512 716fdec3853ea93e1a457eb08c59dc0451f2578b9a6e380156bfb45bd1bcf5ac365f2c8b025a05e8e5097d0cde14c9e4b1805d84025180eddd165071d037304f

memory/1776-8561-0x00000000049E0000-0x00000000049FB000-memory.dmp

C:\ProgramData\SystemAcCrux\2058908056867f6eac.bin

MD5 f1ff84aad7efdb281219f262d45295c4
SHA1 db50b531cdb3e730f77d93b24f8fe06e01956bb7
SHA256 0741af4efa19e187b28b04bbaf14b5e6f620081ac1e8c18f52fe6b92981f0c8c
SHA512 7df5a8941fe8b21236f3ba096aa1cf6a8d032b274eaaa37650e9a0c51be804ec1a4b56e1c3bad18f5c55e2f02444a6ba90c6195e68774dc4703edb7cce9e94ca

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\res\language.ini

MD5 88c3ee36d2f6649e5c175b864bebbab5
SHA1 4ae9c046c237d10e90dda5f57bcfb5ce0df837c8
SHA256 32a49e27e9a345ff8965a519565bea6f0e4a2fe2848eefca0271403ddb7f7029
SHA512 5f128e75349ba7e66a97a54eae7ca950548bfb353074d1db34bf18bd803a8415025bee148632cfb7e86c06b11c3e338368b45b1ae2b2141b208f006b1fb5f4bb

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\Schedule\EuNetAuth.ini

MD5 83cfbb2818914f930a340ddee67b3acf
SHA1 17bb3f1f621799114e1583e41eb78321a13b03f6
SHA256 023a821c76090911a2a616791c7f155211a0901804302caf4d7d217b2c579876
SHA512 8b8bb7a2bba5b8b03162c3dc7c1e5a6e7cce4a09e3c0026a3309415f27156a8c66417394ba6eadcffe42637770067a6e7834237eef27daf339d56a1223360680

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tmp_log.log

MD5 fe793db19bc45b2f6e3f38f992cbe86f
SHA1 2da4ccea12c1e864e028071afbfd0da6cafe88c6
SHA256 73ab920d74584b2867f31a3367d024fe632011070cc992625ae8990573e04720
SHA512 324b8406ef50eae40e1622807f34aba92ff1b9ff5fbbfdc7d0909f8403fc22766e5b30fc9029f950fcec67bbe7f3312a60ff2e4e12c8c5cc5194a9e92dd43471

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8767744d9df2ae21ffda923b54c8c63d
SHA1 5ab3c4df941f659dfc92190e2643111d9bf4c655
SHA256 b3b53f1ae0fa8ef763b8e35342fb45655dbd5778d63e2a9f54f2cd16b0e5f150
SHA512 24d5c08b8b77f1e42722d9276f9698caf5bad41d95f276bc91d0c39dabe84617e3535664b01d266e1977e912fefd62548e40ac6f770f1aef96f33e47e98a9d90

memory/204-8742-0x000001B50FE20000-0x000001B50FE30000-memory.dmp

memory/204-8759-0x000001B50FF30000-0x000001B50FF40000-memory.dmp

memory/204-8777-0x000001B50D330000-0x000001B50D332000-memory.dmp

memory/3148-8806-0x000001E90C6C0000-0x000001E90C6C2000-memory.dmp

memory/3148-8811-0x000001E91CF00000-0x000001E91CF02000-memory.dmp

memory/3148-8809-0x000001E90C6F0000-0x000001E90C6F2000-memory.dmp

memory/3148-8805-0x000001E90CD00000-0x000001E90CE00000-memory.dmp

memory/3148-8868-0x000001E920DD0000-0x000001E920DD2000-memory.dmp

memory/3148-8866-0x000001E920DB0000-0x000001E920DB2000-memory.dmp

memory/3148-8864-0x000001E920D90000-0x000001E920D92000-memory.dmp

memory/3148-8862-0x000001E920D70000-0x000001E920D72000-memory.dmp

memory/3148-8860-0x000001E920D60000-0x000001E920D62000-memory.dmp

memory/3148-8858-0x000001E920D50000-0x000001E920D52000-memory.dmp

memory/3148-8856-0x000001E920D30000-0x000001E920D32000-memory.dmp

memory/3148-8854-0x000001E920CD0000-0x000001E920CD2000-memory.dmp

memory/3148-8852-0x000001E91F4F0000-0x000001E91F4F2000-memory.dmp

memory/3148-8889-0x000001E90CA90000-0x000001E90CA92000-memory.dmp

memory/3148-8908-0x000001E91EC60000-0x000001E91EC80000-memory.dmp

memory/3148-8910-0x000001E91ED60000-0x000001E91ED80000-memory.dmp

memory/3148-8912-0x000001E91DDC0000-0x000001E91DDC2000-memory.dmp

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 2f9164eccaebe0cfeb7ca34a8209d122
SHA1 fc42a73731c0593c6ccc4538f3f4ab31d77965ca
SHA256 48ba0815d27b40a361657d00be5d5174c1557708fdc1daa2bdc16210a99058b6
SHA512 6ab0dcbbebafd3314b841c058b441657e407b31d49177125386866c84f22fe2a73d0fcc85ba319fda88c5e908eb23b6950517d8053a123ce3935314c2938f9a4

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

memory/3148-8985-0x000001E90CAD0000-0x000001E90CAD2000-memory.dmp

memory/3148-9030-0x000001E90CD00000-0x000001E90CE00000-memory.dmp

memory/3148-9073-0x000001E91D5E0000-0x000001E91D600000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 37b814d354d18dc9f4c7a783bcc2d958
SHA1 a55fc1e980efe0df2b864a0a80b492b072568b7d
SHA256 3c0d110036b5ed81b33e371b4464ede3b910f5e14047aa5c654fad610c594d91
SHA512 d2e68e0518efe6b4f20bd5b9335a7f6e2bf041b37804f704a04acdd658807c95fc945980849468fead6300463d767f8c57d667844ea2178395abdfc69baf8eea

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 3f898db20de0e07a2a15d146637f0045
SHA1 c8fceb02dec762dd6775d7086dd8f2af161c6f8b
SHA256 25b937063e88014829a51233c4c0705ce8bfbf9c01e1695d8dad657ee290f167
SHA512 245648bf945635f9a53a71f60a2dc9d0042ec31f38460d6053295476d9dbf810aff0b5cfd6a806f0ea4f8c968ea7cf3c3e05d6089b1fc74dbe90d980e20ceb5b

memory/3148-9201-0x000001E91F410000-0x000001E91F412000-memory.dmp

memory/3148-9203-0x000001E91F440000-0x000001E91F442000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\fav[1].ico

MD5 d65969a6d5b592bf2b60c50b6bb22b6a
SHA1 bafbda8e344efb63e932e6ac0bcc8efff212632e
SHA256 26f9c1238fd6067b167a67c6bc2696ac067ccf8a12ad4c39cc30203ee3421db0
SHA512 fc48eb052c81368fc99097d20d62a380e7375de834f0557d88dd9c1a4cadfbc7a594f69b701eedacf160a5ec835672b6836b74ff33eda5b24ddafb2f3f968fbb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 958be0e6c529c18088abe99c15f920c6
SHA1 852d27e6edf1e20c4a31fcd6db186fc21a586e70
SHA256 3ef034cbb9e02fda5c2c3f2f6bcdc9cf83d9573d7917f66179047f628ea5cd55
SHA512 32865d187818f4d9c989dd857d1df51200dabe4584742791e3f0a1c5eae4442b358a7f765fcc64be5c5fdaad230cd6988161e98b0f4038cfb00adb2a589f8081

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 41786dabda5ca8a040c658696f511838
SHA1 2ed7ef5e04c68bc6a49dfa6853c20a9cfb8d3dff
SHA256 8bccae8d9a3184859be13fd1a1ee8f0f0e75f052a92d9abe25663974aaf041ae
SHA512 0c13c575b98238baba079852f175c755c322facb59dd8508c90c6bd75607d06e77b44f2da95e73f68c64381af30d29774d96f367668a7c0f28c1f40b206eb84a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\8ANJ6NZQ\cdn.consentmanager[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4c59a46afb168005f63d51afd3285ce2
SHA1 319a18d22aa727f30a2dacb8533d39d67b787ab3
SHA256 c6e2b4015ce5750c6525c39efe1a45f95b443fedbdf1a7bf34a55cef902963af
SHA512 5f3b085ee4d89391acb37e735fd72b3ac2ecfbda5208a6bd59b298b2ddfbad14f7cf587c894ac48a693f168f2c82e91e85a5b021f33b938f024654ff368c198b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 d6bdd95573b211b7ca0758d71f7410bd
SHA1 bf4261086c580faaa4f3aabb7085a512502405bd
SHA256 a96e110f5281f04f9d9f19fc4ab74b257aba8f18b739350cafd90867c9eeee9a
SHA512 d8bb002d60c48c99e7ab6b1887b1085a75d71e8b6fe95e1f667c0c43e97f4a68386ccf2a474af541d920c41e46f7c867398e3641ff025903e742f0377484dc8c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 f9b597b855e417e9ec1dc45401bbc47f
SHA1 1d1292c1b7dd7b2c20c75cf3817aeb75a60cf307
SHA256 6f5f92ab48d767f8c7cee0f98a10b67f6d0f8872dbb415d20f838e1bba2971f6
SHA512 0537872b009ae5ed1aab9d6c797640de9b29e375bb78053b73e602dd924d34947a0f528d75bf2459ec84076f62daf305badc9cedbc15a665d33edd599647c574

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WFQ509M6\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 70d8408ced951ac5398ae2e19b39082d
SHA1 cf160a374cf4b763bc6566cb5b446a9ec567e604
SHA256 a2ba6d917ecdbebe9bf26bbca77219f19a84fc6f7bd10ded43e5c0b33c9d0240
SHA512 4c009f98b817318e81e63fd2a6aff3d993d8e8c05be3c03fe1a1c15fb70428c44f64d6c1d942a6ca88c9efa4eaf97f618926aa66f1bbab3b346ccca14e952fd9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 c3a443929a98367834d55bac3e628939
SHA1 ecc14d9501ab1021538506512de1bbc7444d8564
SHA256 5ef9f1f5bdf92b1ee9cb4a9148e4b507baf0ee3ecf5379a32ad171bcf75fb8b2
SHA512 d1959f5c18f5e9d6ceec834f40f33aa98b0e5eea00d890365075dacfea333cfe4b1af8f22d8ce3897b5aa7846e5cc1891d35ab2a9a590f3e1e01c377b7ed7bec

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 46e3f9eb48c9efe0411e4880f45a10ae
SHA1 93ee8be50fb222389201f0986b6db77f29e792b0
SHA256 1e4076f0947a81cfe225f4b1e86cd784a7fa5e5d334904383f8ca64fc827ac03
SHA512 8a26d4ac744186e3034a4ae4348168734231d73dc9f786e2dfcacc0a0b778891398420b9447114baa505fc1bd3576a24e696a6f91041c61a93d38c9678e82d59

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tmp_log.log

MD5 5c35c7b3eeccb896a832f2eb6300652a
SHA1 926a5ffbeb3903fc15f4ae7cd29a22122b6e3371
SHA256 a0c5ce6209cdc610ed07157f057a53db20e51fc1effb0a603e550cf5c0fbdd18
SHA512 8a62c0a26d933c16a68a4f45763b89490ad14e3576e57417457376ba93f9915b86663087c0c77bd92d57612b1b03b41dd0c47dcf801426f54565fbe9850f7a4d

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\res\TBEMLib.ini

MD5 a02fb4037ebbe315a52fddc0239b1e5a
SHA1 4b978f6e6b918e132e0f712c8c1ba678b494b829
SHA256 24701f54d8ed7988d1a12693a06d8f6d397130689bce38a7928a260750a4b6a3
SHA512 e5a95656879b114c6e7907ac2e927fc818ca2b72d85c60d66606e8b452f212f9ad5b1e8028b4ac1267bce84d6c7e3462f7889597b4dadf8f3de0922c830df688

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 6b4c82e1ab67fdc057c7075c4d4dac1e
SHA1 c2a74d0dd8f0c250637c7c2f22091b2ba9bc65ba
SHA256 f2d64156ccd400a3438a854c2497f1dcfcf80ae5b3e1969f1052b7c41c99e111
SHA512 cc77c5e59919da4aca7f30dd4b1ee150a1946cb320c238547afd31874d29077b7e80f128ee799daa17a5f0c15a5256414392c5927568869e9fe7f0afbe0ad803

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 3a754b9a9be7389b3fb79e4a8c96e108
SHA1 89255a38f62c5a2f6850742d2bbb1b33ea832337
SHA256 f98989fe7c5940dcd8003324712df3dc4991457fcea7173647a602bbb0cca2ac
SHA512 132031078454710ebafa6f88ca813c97e00d835f97ed89c5fc3f6a09a8ee6031046353e61c4eeedda478dc2eada82ff84aa06aa5a8f39bd622767d07d85dd28f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\A730AC11\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 f8a3bf03b5994f26152f5e4de8ee24e5
SHA1 54c85e4a961eb620bba17052c75d8787d3a10c7b
SHA256 2da1b2e2a98372410647292afdcc358f3131af51e6d59547214cc14f8c394b0f
SHA512 0923fb341290239b7121210eabe69c594e5a9e4f38ba8cde7a61f22c683de8c52cad0cac7be7209adfaac6073e4327c7843a86514dc551e64f5bdd0d1adf50f6

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 3a00ee422ad99b546de6f63e5b21c283
SHA1 5e22efc38e206894781961075e809c93e1f84a71
SHA256 2fd1ab1bb3f2b43d763ab9bcc44b383b4fab4413bdc6e00a36dad5f4760ec033
SHA512 117ee4132e311d7c884c5ae579ae8845c93ff18529a60fc4eb7ee769412b0c63659ec422d8becd49ef3eb0ef76e2f2bbf1193aab68be7a752dca1a45335a7976

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 a1ae090567b554072707be5aec978d1c
SHA1 1775475d3a430a1d3163b464eeec1a10752a0ccc
SHA256 fd438a42debb05293efdcd784335482f00682844ad3f0be938f673db74f5383b
SHA512 589da3ac827f50413a64c2fe7c5c9900d40909a4de74d1c57e54b51002345005959c78caceac9777608f068bf75e67ee6087c9d4cff3ec75cdf2dbfe81538b0f

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 087932fb9b399e68d39311f068ef6636
SHA1 10af9cfd80d1d9d5bbea78f4046c4b79faee8259
SHA256 79c24d9ed75cc381b6833efb7da305edd234867ca9531dd06bea1bffcbb655fe
SHA512 a9bf06d46cd196566fb3fbf61d961034a167fc1b3b7eca0b9f62c684186059adf2a396bddbfc85c4fd0c1530c01cae359af6f986689ce3c60fd24666265c66f3

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\dc_update.ini.eud

MD5 d7c97124128043099cdfb8b613b07806
SHA1 3edaa9c1f9c6c62198d734b6f14442f8fdc8fa77
SHA256 ea1c13e27bf2c516e0b32f03879effafd853a36749a8883b488d435392b88226
SHA512 ae35e50abbf69d4cf89cfb38a18cfa393f2f8fa8d43529022a1d94bc83118604624781cb114e2ed4005facf72ebe753f7a1ff28ad5e4da349244cf7eb786167c

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 a205f707f5537aea63dc6a9a7c942a47
SHA1 f5cd50bd301f6ca7a55d08bfd58e8ad5e112c3d1
SHA256 73c1e446fbec499098f42e4af0773dd625a81fafbe2af4af2f321f6a7675dab8
SHA512 3c40fc8c2bfc59f9d726c7fe1f2db6a2dbc908bfab87d4228820b5a336da81107ac5e7a65ebafc3e0e5a03f716bea09b8b7752b0f9410774587ebe117a5eb544

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 bf3cf375bf2e335c171c53cb928a2a14
SHA1 433824855eff49cf8b14be9883f5eadc6e2f543e
SHA256 5146b44bdc48dc5e6161b6ccd60770c703efb1525acde7d46d3468ff2cece8ef
SHA512 427bf78b7915c21ddfc53b76d72581b0d9a48d0e1dd5af30afa9ba9099fc1e352c9b51d867ab654cc5574def9ab0b4bf0c9a72477bd1fd5330ef1e1125855509

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 2121619e913ce504be19458fa07a3176
SHA1 3fcd3d12b69115aa68a2dec5ac34dc6add47cce1
SHA256 7e6fcd7cf888d9f897d922188096cb0a7f477191939b190a59b1c55485a952c0
SHA512 dca7283b57d64abe8d95c0766002d83389eb1bc96e425041544b4e533ad973de59eb30f64721d6e8b51ac780470a8bef32340b009adc601625b5f99546c08693

C:\Users\Admin\AppData\Local\Temp\is-JJVHQ.tmp\TodoBackup_16.3_Free.tmp

MD5 43e2ef933915b0ee2f09383978cc1614
SHA1 e392489240a33cd8affd9664d628ae10605a39c6
SHA256 1d6046d205c10f11e157a6166956a19e65a3ba0d21a86f74a22cc11156317090
SHA512 e3b37ec9df9759af39205ff30f826d6c7a49d6049c12d1b9b73a288bb87776bdded4e4f3e6357ac01559f8514d14f381a23268e3f32b91ad93b85ec8af6e63c3

C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-SU7PS.tmp

MD5 4f1c6b3d52562838a8e9908b90a0dfb5
SHA1 9cf9dee75fc9e945defbee5ff2febc2140acf50a
SHA256 134f778517dede6c8dcf3e26f79b05262aa1b21e381f619f5cb3ffcd5c44e717
SHA512 5d0c35eeb998a0e34c0aef562591bc17ba5195aed23aebf11bd476bde8978701413c4bf7d65c2605b02734f57afd846b255f8a475189c22fe69d5ecc399423fe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-L79EE.tmp

MD5 6895e409665544d87533557db3c176a7
SHA1 45afcb8bb1bb25118f7106b54790b8228f00580f
SHA256 6c9c8027ba2e11dccc4a0f3772bb9dcd6b7cc930133667dce4a5a5293bc3eef0
SHA512 255269093e0c0b0a45baa0fe595e4dd64e23b6aa00338b352c1e9113b6db0aa189a7de8a9141ff0d54e1e220840fad8bf0f4143374753f886b684c94f7079da0

C:\Program Files (x86)\EaseUS\Todo Backup\bin\is-OMSGP.tmp

MD5 c287ee668258df6f825b68c0e7d7c12c
SHA1 38976ef283a5e2174208c2289d69319d4654f6a7
SHA256 cc99a162b956d3b5ac223f1fb9daa384b89bd4e61cff2fc25cca7284599d80c9
SHA512 02eb4ab7fea9f65cd89276d79c714f7726d00dd28a6df1c5e6b559271af1dff6081309f71cf1e475025698e701fa1887cc579d1ec8156915ff2b1e137c597761

C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileExtend_default.xml

MD5 37fd55f8efab63059a754e4edf689e1c
SHA1 7a580ef42cec64aadc4f1501208b9f985178366c
SHA256 82dd3ae435a5e23adff312d2f77f1657f5015ef9e91deaab24c8b36fef2ee3d5
SHA512 7b03008ffd048bacc2e50caab5e4c37ceeb5127ee6d97422d9a9d529110f8f7ddde8ba2a016e369312badde165f64b415b705c8686c35d4d13225a58670e34f4

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\is-II6P8.tmp\TBFirewall.dll

MD5 8a855a2cf1af523298673d3f274c5d23
SHA1 14190e840b4ea194e849531128211811b59759ff
SHA256 bee5b968e9ce00660623614cb5716b4dbb558ab0b64993643232cdd70f39a533
SHA512 0221a71693ccd5eb22c272e90e238cf0c8974fc9ad832411514b8e7d8a924955c1f4804fecee9fc6a98f12a32b01c49ad66608c592e06de588adfd206fccd5d7

C:\Program Files (x86)\EaseUS\Todo Backup\bin\wimgapi.dll

MD5 5515f09dad426bdbe97c36a2695b98dc
SHA1 d29d07f2d2c0b6ff0ec61e096fa970971a948e3d
SHA256 225279f5ae5b24a3019e8d8d7d007fcc1f891966889619dd31b942a5de908e31
SHA512 26e4ead65f5b900db588be763965a02e02d5e362878b895fc553ed6e3d66e1df037cdf46e5fae8f62d523b8885e9ec9afdd1b06a2d1054e0c395b6be77828235

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\ide\VMSCSI\is-DJD3N.tmp

MD5 8136823450e7437e00bfe638d0f193ab
SHA1 353328347b9733ec6c5446ec24cd5c51d1f35ccf
SHA256 8c9e74823669629f7aa20a249b2159d38c013ba709ff40460c60326927b7afa7
SHA512 83dfb633df412a49b3cb42d7ea5dbdc23ec5a1367cf514995c9f8eb6e44bda2dd38841781f88e8c0d2d59dab9933c24ee0aeeaa4f13df0a331d86e9d54d6c00f

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\ide\VMSCSI\is-P8MKR.tmp

MD5 ec7850e3c9587b6ffe80098d30d8250f
SHA1 435feafaf0879edb5bb62c4f94fa562e2f3637aa
SHA256 bf201086bcf9e978caef1918481189a3901a6abbf51a3cd94ebbacbb6dc77969
SHA512 2e06981c916a12622df08839d0763d6aa33944072f8cfb7e9af7d7a1b109c829304c506924256029cfcd2c2f98f2d5aad1b0704bb2152e0bee9d7c5fdd011b27

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\ide\VMSCSI\is-4S6RJ.tmp

MD5 5a3bbb01a56d1375217738c30f2052af
SHA1 969c5e8e2566b203af8e834c3dcac55c93b299e7
SHA256 02b8bd2bd4975c3fcc32e3eb908ad95760352319d4fe1d31048e21fcf519ef7f
SHA512 9255f4abfc4eeee626e6353c33cb38dddab1f4c8f4d85bf619dfd9a91f021c091333ec7e5542fbb820928c8e60d1fe6398e17266050fc4e23c2128455c88a757

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\ide\VMSCSI\is-R42JL.tmp

MD5 55a928c40c11870df5b90300ba329878
SHA1 662d644aba5acc588e512ff1c37091cce7269050
SHA256 7cb582be4c783664887f601f9ec125873f8dcbd10ba417c8a2d24e813a777dd9
SHA512 45daefe8baad90caf9ec281cc6ac2472f4e66bfa3e8d49500b0555543477b11903d086fd725243fa46e05290d6f8a24c5b417023cf9ba45ce7bd2ea135a14a8e

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\2012-x64\lsi_scsi.inf

MD5 e9196583733140d7567747f6a512cb98
SHA1 b273a5fcdeb6a09ed0f0fb519084ec73738ed45d
SHA256 e8dc75bc861a70de22cbe41e407054f3fcdb17f11b19020910f21b44d56cdcab
SHA512 5ea2007a35efe0911bf18b0bcafee55143b5d8332f71aae3b7754fac0d2faf1ff7db05c74d5250164e722745186077709dcf344840bacb2c9f6215cabe99d16c

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\2k8-R2\lsi_scsi.inf

MD5 ea9538c8dc8547afb77fe8a4a2bb30d2
SHA1 fec0b000d924cfdeb225a44fa3e17f70ffb2b928
SHA256 6d3e68d46fbc5b14af5137ff36671190ad2f044c7e7f7c8dccc50e95f50070b7
SHA512 48271ca3faa25ee82f06fc45fe21bb11c8e05a41d86f0d652a8e7248a9af717d0ffdafa0fccb8d19914115016a261db91ba65a99636d2f63c80c429651b84bd7

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\2k8-x64\is-EFJJ2.tmp

MD5 64b8211e82bd7ebf33f8eea7b984f468
SHA1 cf4b4045633fd714981af96eb5aad2804ec8a035
SHA256 d48f66a6116d8ed14efd8783c3581ae7334889cfc39b2c4a941e533d6c87b80e
SHA512 b5ed840b9ddb23d481c95227cc5ff3cba52fbd414c97cec73ebb8a346502a264caf9570cb91108fbbf62de96f3fbafdd3e3cb671c9183b83071fb3480785ee44

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\vista-x64\is-8GVIB.tmp

MD5 f445ff1daad8a226366bfaf42551226b
SHA1 72e354a8968cf6a8f1cca12d2abc4d7147e6ec8a
SHA256 92b63e15363f1eae8a54d4e74ed21669d0a9fe99c654671556c58456228278b1
SHA512 b5af654a3992196b9f913d848dce40e07dbbaf5f5d5764a4707804af3c2dca537a2036c8022551c6362958045c83d359793f5a24a46d259a3d6728e18e35d240

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\vista-x86\is-MB2DR.tmp

MD5 912a04696e9ca30146a62afa1463dd5c
SHA1 649e0678e77a446fccb18d7764d36763b9a37f47
SHA256 1d336d47b9d1c8449f29cdb776c092235e3d70ce53d9440970533e376eb004d3
SHA512 58fd28e0c4e981fa13e4709fa01d0559dedff0643025e48ac817c3cc7447c488811018d9a4dadb1be231af39916dd37b251396479165810b9191fd758f8b193b

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\win7-x64\is-AO2LJ.tmp

MD5 0504eacaff0d3c8aed161c4b0d369d4a
SHA1 c2dc26eac246f0780b3124ac04e1b3acdae985ea
SHA256 4d272237c189646f5c80822fd3cba7c2728e482e2daaf7a09c8aef811c89c54d
SHA512 28a92a2b6a312136e9e7ff9884c6012794f3281379a6bfa8fce53d545de5e78025fb135603fac05d53c8666eb4d928282d0bc9330ab1bf425e9e1524d7d70598

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\win8-x64\is-1QJ24.tmp

MD5 216fb796aa4e252acce93b1bcb80b5ec
SHA1 c541b29c4ffd3246a5ccb508ee97e559ae231d12
SHA256 5b1e49b5f7b9c7a778198d27f8ee500fe35dc32d40b22a3d6ed67560beb04212
SHA512 767f82f4a737f60e7eb3331fb835d25811cceb5d39f6e7632a449fda6e2efd2ea5aaaddc06bdd46093001ce00f16c41d609b821e19e02e48cdadf6bc06088b80

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2012-x64\lsi_sas.inf

MD5 333957bb0bd82077f1a05462c29ecc1e
SHA1 3f65b3f852874d411c353d2042aa1042d6bbdc16
SHA256 d455ab517590cf70f682cea6c37bb66d8b7b0a3b64ffece08b7b5eb9481464a5
SHA512 8dc10c8e418c406253fc18f5475e589af8f681de53148a6db8598354780025427661a50a4546f1cddb788bbd9cc6504f575df1b0ef4c94b382da81c09201f640

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\xp-x86\is-OQU4R.tmp

MD5 868204832e011e2d64281d7eabee572e
SHA1 d85095e14c324a3d5d795b4cbe5fd90125c3c813
SHA256 0df5c5c6f8a864f91202172e4cddb066cd6bab5d8c3e3243708ec5a9e37b8627
SHA512 b2c4964ba8dc64780f279c7fe22ee1109ecd30d2665220e5b80b364909da98f7a3fc4735c5d98225a3c1723e12f02b79a4afd5d6f33af0390b3764dff69d64a9

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\xp-x86\is-KH3C6.tmp

MD5 f243aaaa51e11ab2afa96830673aa00e
SHA1 37cc597d7e74f0cc5c3d67747561618b5ddf2747
SHA256 72b4ea350f430fb3c50589107202f12bd677cc90cc9920c27c7ffa6b3323b938
SHA512 09e79a190e07c3d6ccf413dfc34c1ff50358219a932138205d4ad163ae64835fbe8954a7f24777c3605c6655915d62874fcb8eee45c77835a24096968970681e

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k3-x64\is-OLFO3.tmp

MD5 534f8a3205b2ddfd8cb07d368a13e783
SHA1 ca8bd3159dd1a9dc9ceb38eb25977822b71d7849
SHA256 2302ae6e58191e047cc25168de16273030f119d990b1af27038d1698535d56f7
SHA512 c43c5a55258d95de90d95db488ec48395ed709d2d7dbbb6fe28733565e2ea9b8e840fdc1288de16a629db744a96aea663882cd46bed42d0534e8fa9df845990a

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\lsi\xp-x64\is-Q9PJ3.tmp

MD5 d3b52787f40ddb43acafa01583b079fe
SHA1 bb1cb30be3516720f04b6bb50cd3cc8f2a93a4da
SHA256 44c724ac0cc9d2e36ac240553aa3f05010ee13a72a6fd3ed1c5faa148d90e782
SHA512 a44cef2dfbc622123e23609528ef50782e20c3236b2a103c594c2536021e1b8fd00a9368c84d7ec58e7247d09ba4571ebf3dc125f48a2fca8546f1cdd75d2208

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k3-x64\is-R1V85.tmp

MD5 72c0382a4aa36e8e1b4008b5fa3abb2f
SHA1 6b22c561feb502df8044883e2ec80194c9553181
SHA256 679058c36574b38bf6cbb7a06617b3d24e439908496f4b1e92b05cb1c773db2e
SHA512 eeb3c5ff4973ae4d06c27e933ab40eb2af2c90859c192638dafe8f659fd16c189b17ce422705566b644a1543a024e830774ee9dcac771ff3ed0a8efa941e2ebd

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k3-x64\is-F2GG8.tmp

MD5 4d02cf495970c1d0ef511b04c08ee307
SHA1 cd051a53907d9e26ce9ebdb8e413cf1ca997365c
SHA256 344dd3692f1d73159422c580315a548360e588d0035e4ceead70464c0b317381
SHA512 011d0afccc0e32eaf2eca2da9a4b0e83fec48d9fd146b11622ecc2e29a7c483ae8c7accfae24771febb5e7c4bb0763eb2a09a64363ef53d3212718bc2c710d3f

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k3-x64\is-6VBUV.tmp

MD5 b7ca91165b7cf66453aedc1bd757d9b2
SHA1 3ab62aee4b0d1a4caa5d79c4f74f330329edf439
SHA256 dd99d280e174dd367ef95979346dcaec9f6aa80a72562415d9ee04ba641c40d3
SHA512 ccaa4bfbecb21a3d4a6971c8e8fc126e9a8e32c21e9dc149d64e5f04e1e3885f3c74cd8aa53299e5434f2407514f20e316fed141b825a98cce009c980761e871

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k3-x86\is-90H32.tmp

MD5 4129fa2c013d71e8f0c774a6ae6d5c7f
SHA1 4176adb46550a9e2b1d9e4952502fa603a9c621b
SHA256 78223df8820e0e7ddb924d6a9b7c79fb8405749dc58e9ca0560ac106ef2a5e12
SHA512 ee4eecff7b051681c89440696b13d7d3dbaf5f6344988ddfb387d690a5bfa2cd45fcf637faa0281256012f81519da30d4dcdc664ce7feb9e08a79188fdda8d3c

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2K8-R2\lsi_sas.inf

MD5 72a3e01b0ab67c4870e66522ff8e6e58
SHA1 3ddf1814f964e46b0505fae4cc68829d7971831c
SHA256 e59f2b740630e7f46e15f02d04926d3b5dddb8716ab989dc4f39f3958af751e9
SHA512 fd04bfbefe1da7766bc3fad46110345398fbd3b941bed73328b0afe290c7f23a6d27c9f1fb2ba8f2af5ca2d5a230c6fcb907786805298028586d53f2536b32ab

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\2k8-x64\is-VIE5C.tmp

MD5 239d24bcda4f4c215cd7b39481155181
SHA1 a5c5a83ce15e5e00e31dd1c8a7b3705eeeca5226
SHA256 b8e1dd75afa5dbd796138f5cdb79754be7c3ae8789336591e6c5ce055a19e32c
SHA512 daa8f72e34dab8aa2f92eb0766c3c3f9b9ed52c33f2b8007eea3cdb85bb470dc4788fbefba3fed2c0f0b2c028758779e091a0ccedf968ea7331d4939a428cfe5

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\vista-x64\is-GU6Q2.tmp

MD5 799ffb2fc4729fa46d2157c0065b3525
SHA1 b7ba6ce6881a3d1c054e73eabd8833fce12cf002
SHA256 ab462a34d061c113da12641c45159a58d0aea1c440233d061a20df99586cfa93
SHA512 153624923e54dc3ae838edeb5eb782c1d82f438b8947768a12fba1fa8b7f036526f9f33ba2ed0b79a4af535b3dbd37d12ec652bf4a78c6e6fc1b64981582587d

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\vista-x86\is-E2OGO.tmp

MD5 ee01ebae8c9bf0fa072e0ff68718920a
SHA1 2d97290409ba45e84a2aa093075e5d4274b59620
SHA256 655924440e611278998226299645bc72b3627a8a057286dc8d65a162cfbbe484
SHA512 09a7b854341cc913e18cdfb1634ea6bbdd5e3d6be87eeef28d6eae9d96ca4c23ed2d8f3c7c250b672ffd51d35307d8c40105be5106b6cb025f3491071b7ff739

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\win10-x86\lsi_sas.inf

MD5 32d26e0bf2e56c9e15a6f4b76f3fc88b
SHA1 5b87cdc81e9a4f3f3bf71927b05ec6cd7ba77f40
SHA256 b9b752e8dfb354fa79b0579a48781855e16ec5ebdae392a8d6104f6dff30efec
SHA512 3bca7ce059843dda5605d9477dcceb8d80ba7f6c134dc17efb292ab091c1ffad0f9b371dcf062e5f7eb01358a003f272ad25a9e054c936c34b3f477e69827967

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\win7-x64\is-I3HI9.tmp

MD5 1047184a9fdc8bdbff857175875ee810
SHA1 a703e2888e1814b571e99797f96b8f59f9e96044
SHA256 f2251edb7736a26d388a0c5cc2fe5fb9c5e109cbb1e3800993554cb21d81ae4b
SHA512 703ce4df651335e944bce185aa7bc131cc9afacbcecca245d4556f4dbb6b0461f525090c394aba2946ec2f95cfac0dcb17a8ef26c170fe0da7f9b71ac7d91eba

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\win8-x64\is-FO5N6.tmp

MD5 022cdd12161b063d7852b1075bf3fff2
SHA1 f7e6818f1d1884fb7e50ccfc40fa6a6d64107fa1
SHA256 e21267243af2fc208d27e67827b1264a762c99aecedb7ad2c48a04f421a6b2f0
SHA512 6340d9e9cd97a48f60bfa85cedc00f24d05a058a2426480c0db37b913ac1d7bd19322ab84d2b17bd5eba838811bd2f0694f4a28919d2c8e6d73819b77cfe2b07

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\win8.1-x86\is-C66P9.tmp

MD5 876ba8550e9f1f4ef8a7d056e66678f6
SHA1 83c0f6912bfcdc6cfb985d1b9112464d5eaebbca
SHA256 55937f75d1332923fd348b9931bc28e379debc13841e0ee4d1330d3d4e7707df
SHA512 c08b017299ad447dbb26852c81c61c142eb9e31515ba410af270777d4cee8b6472cd5baa0998ff6decde411a2966f721cb6df9ebb4d6250f101343a06772ebf3

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\xp-x64\is-RP5RO.tmp

MD5 81ef8693451002ccc7aa4a152c00412d
SHA1 07fb6ebdfdb6e4a919fc25c35bd2b105ec906968
SHA256 99b673b74f90a981d35e2580037d6a35b269e5594c32ac623e7ef24b7a387429
SHA512 f4faa185273b19d0a2e7e37929117477735b5753033677b75b05fd97205af02939dfccc995fac930ffc576ac9ddf91032367a9c31349edb651a1cabd201236f2

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DriversPack\sas\xp-x64\is-RI058.tmp

MD5 b8273d836c8bc8af34a70cb64c203e23
SHA1 56a5d250e9e97a2b6fdc298a0bff3fda54e08e71
SHA256 8b9dd5e17aabbb5634c1d1c9aa38f0e892083cdb9bfc3ad518c8bd228296f48e
SHA512 c157ecc676153dfd679ed0400462b171073bb4090581de230fb50d75d72af920872c80eafa0ec5584106ce1554b04f5dc11727380ed47036289b36215fbd6e2a

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\7za.exe

MD5 8acdbfc9777a604cfeca10f656c0aaef
SHA1 58b1c08912fb2f1388c69ac747d895d1006a73d3
SHA256 47ffbe04a61c9011badd7716ac7b3636c21eb6d0ced549607224779339764147
SHA512 21c955ba6aa543b0419256dcbb4d2b42376dc361f2fdc475b1e2d907bed006f31a1d8c06c044412b33330bc4a330b44610a3db908182d75a69275d7ba498fd50

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-UF8U7.tmp

MD5 221652d34cb9b7bee0b5ecbbd1089546
SHA1 d25b9498830507e24f72c7bce07fbb3eb2a3af0a
SHA256 a5d6aaaa12e3ac9e2af9adeff3983923f58665168613964822150f3ba0800d82
SHA512 7aa66b63164af314f9f6fb86d0fbef7a049a5c3629a4391ee6e4eaae3c8397fbf6596057af7b063413a8903f66880cd9a885f10a31ad3a8d5662430bcb3abde3

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\atl90.dll

MD5 55241ddc9a3c9dd0ebecaf78d4a767d7
SHA1 f65f38ddd4f4ec5ea0ea2fe069684072cb8637a6
SHA256 9645f00c8cdbd96ec61a99443ce4eaf178cfcc164848f847b70472c377be4fb9
SHA512 04f44715858280ca3e95605b90dbaf4bad20712cc03243762d2372900c4ff7263baf45e98469bc3e493b2b047fd0d04b371c5070c6dc70018aa422f4626d9eb9

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\AuConv.dll

MD5 fd306a29934d84ed646e71661f25f4f5
SHA1 e75f51b1738b272ab6d3280501ea68784e99a320
SHA256 6d4c96d9e2470d814450e196a5788366a99b6f341716c0d06169a9408f395e27
SHA512 a882f5fb547c03725b3a98a001dd68ec2df971255d3bae7116b0d9faee010c36c6d656a8c30b3fb05e7b4ef0f180b47905aa767c97d13ce554c415e076ebc7ef

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\AuConvEx.dll

MD5 e66211f9dd062cb43a8543a8e0e845d1
SHA1 6f62412303ddc9132f67b549ed1e8c4fe3142b40
SHA256 1960acb6f59da5fb8be25feec0e1b9736d7ead75b0f57d772025806046d198c7
SHA512 e8fceb24c7c32ae553a5f4942f3eea33b51cfc7f7378027578d37483b2887edc0d98f2b29b1efe379ba52a2dedf92e1d9d9d1a1bbff408ff34d393872b53ad5b

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\DataMana.dll

MD5 2dc27034c8fdf782c245c0b6cd27778c
SHA1 c6326beb793f52b9dc456c1a2074c6199ab57eb9
SHA256 90a9ecc1f37c526c952bb86b47b0df50d85175c7bb3a0ea59b90fe58fdab2eb6
SHA512 118e46aa3b350c8e9629c17b4840764cdc089c62e18f2b1dc7742bf8ec41a65dc04f5ecbfd751c2666a9bd9ff71a37a082937b4f0d91d8f0f9465a757d865a60

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\DevCtrl.dll

MD5 585353e5ea55a84dbe56c4cfc5829c30
SHA1 2198be1de2536ae582d6f496146b9d99608839ff
SHA256 c3f7890ca7c30c3279b3d7c145ca3f87bfb3621ca2ea027df7e4be96405c0da0
SHA512 52ed461a17beeb0fe511c66ff0be7b339beb91d59131d72d656e4901549da43c06189581845708b223ff6754aeadb1f97c3eab710ee252315ec208b49c142c10

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\dlconfig.xml

MD5 64fa6a2b969428202b88fe8f68aed572
SHA1 4f62fc2661a68654f960fdf6f1b7e000e720b9ce
SHA256 932f206929e5f763a35f825326e22569ccdd7d306a729435395d947c9a9e8ec0
SHA512 c3beb6a297f4effa389edb8db0a25a25dd66395d0ec00c589d682bb99eeea4f8fbe3615bac63d356099e940b34f3fb72e668d0f30643ccb0382c87746dcf6333

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\libGuiTheme.dll

MD5 2adf12b81a639f2b4325e3ded91fcc55
SHA1 2642775d87866a2b56507606466147b043fc464a
SHA256 98ae799cbb9a49ca6b2847fe7ad7e72ce2cdcccf39cc9b29918b8b3589f7d8a8
SHA512 4be63b91d649360ad1b9c2bfd28456d1f76fdf70f8d8eea99ef93b2365f56a9a51ab3aeca8cf9451474a6076350e508a9aa6b96861493d13c81f592c10a096d6

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\mfc90u.dll

MD5 52bbd0e905e886413a9e6fbdde8612d8
SHA1 8cf55a4e9b3d73611ab87800b0eeedcb3427c7a0
SHA256 05edbe012dac7de6cf398af14dd6007dd83b63a3e4f930972b12a1ebd75c0d41
SHA512 6d541026785008dcfaa962c242928af2206afe6ed8802e30ba881a583e1f63e6744fe50d3d5a4e2f19aea81e908ec9a9e13f7070ad5207843553f3f231a704cc

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\Microsoft.VC90.CRT.cat

MD5 378e43013ceaac08368673b7d9fd97e6
SHA1 853d0bbb2a874a9b97609dab2c5276fa4fac4a5c
SHA256 81c6fb67356ab72ab5375b7179a5b0c0467d524890194360783cc4971fee6142
SHA512 186d425fa81f1a99b379effdffb1e41fdda7e40f26c5bf25bc43f266f6f6b33052ea31725af25ee6e8d9005b677be388038747955f755669c8378802a3683421

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\Microsoft.VC90.MFC.manifest

MD5 a4f947a900e60561c05f12ecc0ac9b8e
SHA1 89965aacff28dadde79e09063b3421c1befff041
SHA256 e85ea26d156723557653b22c10adaefdfa0d9615049541a74cdb968f146a5ace
SHA512 38c54a752b53c60e7fe2a7c66f81757e3f047fd37339ac2b25c83b6a61320ce646c407c2ad90eb68e91702dbffd0dd3c9a39fddc2ba1df6c187a525e013b7d32

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\MSVCP60.DLL

MD5 cb21d826d9c39aed19dd431c1880f5de
SHA1 6eafcc2fdfdf73abea334ac7afb903829f6ff2a6
SHA256 f1fd0f1a54f196b19a6f21044092c89c02353dad173c236d80f6474cb8a7ea7f
SHA512 d4223a0ad6118b1dae8505ad4675f6e87e4fa9ebca6fdbe2ee3f0ea868ced15f07fb5ae2d9a41d8992a9d41a9bbe4b16f7ac6eeb1c99324ed8fa3a8fc47af150

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\msvcp90.dll

MD5 f7cd95a47f9c2291db184c6c4ad7e120
SHA1 67cba6f7fe2dd19b2640a7217cd968177bf100aa
SHA256 10859f06f41144fa32cf5da223511f85fe349b1d76471ef65f0395dac606ef63
SHA512 c96e17345d5b893a56d1004227e37a6906ae6da53e7cb33679e00bb807c28f4016dd6f91a2c038fe843fea56d08a55cf54ec3ea54b3a77f6ea0a08979ab7c965

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\msvcr90.dll

MD5 23b134891c08c7f04c1747f6bcec06ea
SHA1 26a77ccf0e62faa436255e47a0c3c8a818733193
SHA256 e11ce4b90db815359b2d76f95f623fc26924c5a254f0540224fa6feb623817e5
SHA512 30c89f058b3b9ddd39ed7a3e3c470c2df08940dbc3ea0cf72cf271fa76ee19d956ee503a3fa2839458fbd2a61658ff3aa7f8326e6eccae9c11ac78b4c2b84c14

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\PEtools.xml

MD5 0d14f3eb891e132eea91e3af15afce7b
SHA1 5db3076a15e4f633528f49dfd22fa9c7de41fd5c
SHA256 a05864295895e1294958d7df60c996575d53c2a7bdacc5bc60bc9ef5e404538c
SHA512 e78a6f2dea7081e8462600d7e33776d0ac9b80d79e1dbfda39fb7e930af2d9e39ab1dadd2236f61ffbc3f3f9e6eb4b977ccd9e7ab52f6f4d9ef85e98149909b5

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\RecLib.dll

MD5 d5f29700bb1c0a3757d32bbaaa215efb
SHA1 21552baabe443fceadfcf642e6c23453e313026e
SHA256 a5fefad13b72c8b9534881d62eece47b24ca512378c810055a61232d39fa7419
SHA512 309bc9cd75974d1903ef2175061e5ece117728af42c12882e30c108920d2ad98ffcf2877d9fc166d2412dbe617e508b05667988f95f9125b86a93597acb715dd

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-F5FV7.tmp

MD5 745891b48573bfc03c6f5f9c9c8fbe6d
SHA1 a15620401d87e461ecbb27d1dfa34abf89ef4ecc
SHA256 3086023e0a84f6eba93db25699b2105a1dec0ad399236fec7979582f2258512c
SHA512 3de77fdd14287913fd6d7e3d2a176541fd0a1fcfcb4ff6479ea1a661a81d2cbbe24faf30856d4e3861a778b4b3ade8ab1f476f53c98d12c3f34a4f5e0ec47359

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 b382ee8a6a0652d11e1ce56c3909de38
SHA1 ef0a948c54c4d492efdbb59e5440c36e5a12ab43
SHA256 d53a2f9ea191f1121b184f15e7a667d388afb771383816ba08b5cc4d18a1da76
SHA512 a2ee4515ffda67c8da561d619fa5f494e83aaa375bb3b20cd49360988e97a83bc82c621a61bb04fdb674c488f9d6505e111c294f200c2e34387658388d8cae2e

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\UserRes.dll

MD5 098e1a87229cd911324a0468f53df622
SHA1 fb19eb2d63efb8b266cc8018129d1bd03f33e7ef
SHA256 3bf17bdb26844b63022a70249efa647e8282d6f574ca6ddc823157c2c7273be7
SHA512 4c0b8a2bcb0057d1fc3e88920e5764432ade500aa34e85b06b7cedfca555c3df4098118a4c5e2e3acefff87b053df71a5d26af6f0d557e52d9a931efcd51e037

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-THS62.tmp

MD5 b7ba206767d9c79b5e75d75332711b6c
SHA1 7f8aa32004d480902905d1a0f457be242a3342a0
SHA256 277b8d048e71e1f0fecbffc3acfff281b4316691c3a379f563731de85394846d
SHA512 6e021f3d6f64e2416f4603d995df9e80f750e0ccd9439bad9ab8dfbb1a2d579fd13a04b188e95bfab34d1bc3aa7daf8272e132ac12006573cf93114cb69d374e

C:\Program Files (x86)\EaseUS\Todo Backup\BUILDPE\EaseUS-x64\tb\bin\is-6G253.tmp

MD5 2b8b6494d704afe8776214c367e586b0
SHA1 dd0ebb499afc6ada6ed076a61a737a12f3a289ec
SHA256 6f1967b5bcef21da98a9e809de788ff40118fdaa69de16827efaaaee8ff220e9
SHA512 d2882aa995b01301e6cd25d624f9ada72f438dce4a37dc022b9c84af5126b55c85137608c7f531366f747af99e95e3d866c75e894b622583be8248057fd5b298

C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_ko_KR\bin\is-8IK3S.tmp

MD5 cdda247180a1ec0237f81338accd0562
SHA1 d7ca48e62112d02cc7b562157d90657893e97411
SHA256 3e54fef56a2311e9c0f9c302834d3fdc7f22e218ee3b182608b03e549dfe67ec
SHA512 10e4c8d8c1e23beff1fa376c95548f70da5cf52f8d90ff8e1cb6857cfa6e10a9e46c07e27dedb112d1da94de61776b860c0b7d5d274aadfd61710e6a523466c0

C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_portugal\bin\is-Q049T.tmp

MD5 7c01e08a831e589b0c7cc9ddfec96fbe
SHA1 ad8ca513c3f0e1f46666bbb1768aa25d4e78b63a
SHA256 6121763719cdd62922a661b9380321ef3eff47f76224d332f884beae28ce9b01
SHA512 efc8d821f75ad217d503bb17fa7fe897aacf6865219c939247c85d9f8f3641e2651879ba81c6b981567c6bb6c03de4bf34e9cb42b9d5f605e2525463316e927d

C:\Program Files (x86)\EaseUS\Todo Backup\res\is-JU91U.tmp

MD5 00e9c74c3c0e58ead786c1e88d675792
SHA1 0305dd77f36baa866c2130114ee52c0fe2d20c22
SHA256 3cfbf30ddad304ba247c26533fb3ceaa71e87b62b05bec11fdfaae4c59f3d662
SHA512 47b995b9abfca9cde69e74349c7613a4cf6d1dd68b398278362124d6a036e5dc7446b62d5d98134c1da255785c7a3c12bb49659d2504369aed4d77d950845da2

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-FAD2A.tmp

MD5 4f2c029d5787e8e083db185a51c753a2
SHA1 abf3b31af19a162d78ac65541d097b4e635a6f67
SHA256 28a6a58838756ad63b60e8b58de8f0894bcd13c013d24fc160eeea8499089201
SHA512 9ef092a43612c00c30b6352771619813a0ac77212796c842a87279dccd0f817e5fa4fe091b77552148a45a37d02f968ba34350da202fe381f324b76b101ebe7d

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-NQNS6.tmp

MD5 984084dfefcd61b173f1423b71ce9596
SHA1 ac44506d15c51459ee9c1c1abb278a12b10417d5
SHA256 4ae8433e6d233f86a904a6bec3d3daa07522903e180380d1b2717c2c42fdfac4
SHA512 cc17ce82061ea13e0a5d29e0f3e5fbe0b4c000e2eb780ff0393f786bd4035c956e01ce72903cbc9bd8793299e4132b0fd09de4d7f66798f55dd71cbae040f783

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-ACSBB.tmp

MD5 79e4d5a792c6c6add5327c53f8b771b5
SHA1 7271def4a6b3166e30886615628cfefbbc6d073e
SHA256 96d800ab49fb94573b92074b23af76266beabe7c4f08f84dd4e657237356e8d6
SHA512 2d87b27fa79b4cc8a1c00ffc85e5b5fe1004cc1610e1d6caf10ffe48fd0d32a76ed53231b940a43aba31ad69a7c60ab66306b343743ca00f1ede902631a4296b

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-5H12D.tmp

MD5 0f7660a3001c01c15bb283e86a69edc3
SHA1 caa26ee59adc0b3c621b467a3dae4c681aef1c62
SHA256 c54b6bd9561d8b6320bd7c69021b6ea4e24a903d110c2de22baa5a85e15e9dfe
SHA512 4733d17a2ec712cfe2bffda4345f31398b128ff7862a20b224fb4baa5ba6a61ab516fbe5fdf6c0b2c7e541ca735a166d701bf88823df9d390d08b86b33089875

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-4S1O2.tmp

MD5 c56d1d569054dd0086c38dc5373a5a8f
SHA1 c338d54a1f047364abb295d0d61304fb6a402cc2
SHA256 bc10255d92adc99b5f1b3c58b94fc52643626efd390ad5711e48c66bc925e883
SHA512 e79e47fa5e414957b0af38f7faa2bd3dbf418e7b0be43f0ca01eec31e442c07449ba715a85d36637694cf2a1de679fbd3608bd5b41cb914d6b1aa3192bc18543

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-GNIR5.tmp

MD5 b977e6fd2766cce3cb003308edcc7dbc
SHA1 226256b690992620ccafa200ea01acc6616393d3
SHA256 e53ab2c052fcb8351333e2254ec8bff23b5bff3d1627d59d5e1113b96e5dd308
SHA512 a0ad3ec57c0c101212715a0bab4ff0d7d1f5a422460dec45bca9bb5771efeb9e8447d769ff45d4b50c54a5ec84cd1b923d083ed91abfe5032acbb1abbb4a72f0

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-V7I6K.tmp

MD5 a8b910e5c1aa8da812879025da3fcef9
SHA1 ae942e36c70656ced33527472619673da8cdb55b
SHA256 713c14383d4165f4a2c7fb9a474cd1528c8248c85447cc48e8f59083aebaf324
SHA512 13a64b2b684fdcddd78baa87fc86610bf234a665aecf89c90fdfc6d360e61605ba1120a53c81c6046e8a7d1eb50ea7f73929a6b9e366ec1d40a5933b2397761a

C:\Program Files (x86)\EaseUS\Todo Backup\res\icon\is-H0SON.tmp

MD5 3a6901c097c00b32970b2ff5b0e588fc
SHA1 7084ddf4a2012f0b27807fcd9c86c9f25c7824df
SHA256 bf01979ff40272136e85c401119925474a4e83418a438e92958fdcee805cc2c2
SHA512 f6e09d1f1a49ca0a1cd6951cbcc4f4c03da0f9e00b9819a658c73ab8a135e64c39a8d393262d141231e8f6a6f66fd4564dde418aa196b3f64c4f7c5d4ff08860

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-JUK0Q.tmp

MD5 640ab9d2305025c5f354e00b63ef83a9
SHA1 5d946453afa50e4fa5ec07e1f25f46c60aa077ed
SHA256 b1a36ceb4bb4e256d944115574dbf110c146b046dab01e918f9c3c8808ed0874
SHA512 450d928910b3f9eb65a0f54eca9ace97c614f8056fb8ccaad3d914fdf416da657ccb539362fb10af6be96779e7c86179ed0ae5bf43de3c2d533ae4fc485830d5

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-7FUCH.tmp

MD5 809d8ac4c99d2481f269778d7ea15e62
SHA1 bad7eda07ed740f048c648d3f3a4e854ff90bfa1
SHA256 570787d874b80e9d56ce8a507174f00db281ed68b7718d5e2a1db1752c6d4d18
SHA512 932ec1c86bbc0bdc1377988ec0668e2ff55c154a9982284b27620e0ebb7b60e3dea89d67ce5c812632ca2753576fa6dde910059f5824c7af87b03789dd24eb10

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-S80T2.tmp

MD5 24331a2305b8c414942af50330956fe0
SHA1 4b627d12c38bebca6019276178beefc04cde4cf2
SHA256 f2c9d9257cfedf76ec18ba702d2e44c34038d89baabae8d37cfbb0df4724c69f
SHA512 21bb16dadb59a646c84fdd2d9f362c55f6e3de8e30a97da44b4a2349eea38c1e7f6a98fe70f7f3d80ba1572ff87c69c3e9d22a77aef8f80e71a26ea2bf2c55a3

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-J4I5I.tmp

MD5 a86c2c361c04cf4d8aeb4b7a76ee197c
SHA1 d076eda2e47d23dcb7774f87c678928f14cb1d0c
SHA256 56d91ffe081d40317953cce68bfeeecbff2fc7b19e47b51809ccf59757ea1fc3
SHA512 e2e65cd7c945f820f01e9b1fb5a8eaaba91abf6cec1d4a245c32544ea66222ac9ecf00f8734a7884be6591d789370fa0674c3ee1551175627ea6351ad25d865d

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-QF1CC.tmp

MD5 f5eb8755d315f3177a26146af6ad7091
SHA1 2cf46576f56b1eea970d6551f39599348ccce8a4
SHA256 34eaa9e48511a8cb8c69830f39922124f4873ab12d572ab08cc0170b73972c32
SHA512 449f3d5a5c19c2bc34d802dde3b9563ded19b47f775988fb6f64e6c5503937f2a72cba869481a9dfb7ddc685ada50decac22ae8d6427fc05d4ee5e5c529c5471

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-PQQN6.tmp

MD5 16b4c93a5e8570a53754d1160a733899
SHA1 33187adfb8073654ba1104e1c24e6af4b0d1080c
SHA256 94daa553922d55a43a55bf33c0ad3770324ffd7d0e054c9f189063e53740f25e
SHA512 8a39964d967721fa105c627d390c5229ecd47a6f0dc5f615f06a9572c38a1059b3fc16956b32ce6ca97f1a69b500b740b63df7c9cdeefefd20f7522e28200842

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-V0ROC.tmp

MD5 a5c8b9a5ae875ea9897101c004926197
SHA1 ddf84d2fc28002ad19fb3e711255a0be6da3c5c0
SHA256 cc534797d8d69948acfa879ba8f56a114bb4529e2b3ba1c114e402ddc6d44ac5
SHA512 82e9f20ddc6c25d39d93949bcf65555667fe377b9f99f30bbe035e55682fe2ad9cd10382a6b5d4bcaaf4fd82038293e1c130ad6faf86192953064d88c767b5d6

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-8OTUN.tmp

MD5 b4f18e42ebb4049a02ed310c912e228a
SHA1 2b5c17821935ef3b0a2ba03f6b64860c343c1c27
SHA256 fe3c5848ebfd58791da0eba0a15237a7c2be8e7049a449c498915aa7e3085a5a
SHA512 fd829947f6a10a35b0a4792f8a1603a524494a9da8575a3a975190c488b8131801cb38e182c70909dfb4242f2e9e79f7972214af87bba7ee25e5607247dfa012

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-HEF9E.tmp

MD5 e6bcfdd786c72baee34467c8b00fb99a
SHA1 deecba9ca813323731c7b36a80baf512f88f1b45
SHA256 39636252a0fc0359e597272373a2e6f1a5043aeff8ad6cea9c67b4aa8f0fa516
SHA512 b4cb6e06b7473954376f322f5e3d9b23f1a2225fd0597ff7e2b70be03e6a4ef350c0aaaf561c17f50dc304c32ff163c2d8d9e0de2580e0f39e6ef32b44c103cc

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-25GRG.tmp

MD5 912cb00485f82c43ed17c9d7fbd2254a
SHA1 b828a1d0a4868cf8f847ba58e82ad9f4614b6052
SHA256 da531e7beede8a94ef093e3ba9a93ce6ad1ef08c738100b8ced034f6be381c4a
SHA512 ae0962d1e36be12aa2928da66fbe4f2280e03eddea5ed03097fd8041643801bcb301ed4caa1d455c8d54250c8a6bc9daad51a723ae75b336cad8d47476fcbad9

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-RQ7QU.tmp

MD5 8c7d1111e81c2d67db6443ccee15f99b
SHA1 0cbf58df6c23780d98e993cd09b443e6b00dade2
SHA256 1a21c4e6a1afd9be4ad70fa51d5f3a4a32a65cc44f29b30a68b09231433b1343
SHA512 3bbb8f0d08f25660e4a06ab492d10dcdfbf590b48fa6995a8ceb548aba2e1e1395f41d308b6f82ab9f78ba53651418eed5d56bb0bd0694e507b8e8e4ef14306d

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-TFACB.tmp

MD5 1329bd238839101b5ceb87f1b288d6e1
SHA1 d951410172ebf959ea49a0e40d6a3b2b942cc162
SHA256 5ecb202e7c49da254ffb4d9ceada7bd5606e873d71367a0c1399e63036fca90d
SHA512 61893eca22bfb2283c5c41fd6bb3d412a0fd0ec4976aa48f99303a9cda8f471e0b477ed9bf0019b7bb955ebb5f11f6a60dbea524f11337e1f0f5d5df27b48267

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-MIANR.tmp

MD5 5320ae9cb26d72e4023a173a960264bb
SHA1 208be2cfeb6b187c708b98a48b1c6d9d8efbc540
SHA256 f77f9a40a7aadc3c01cf0c4ab98e09dedd3248383f4c3e7982359f73300501c1
SHA512 c06e38106a7dca4e935ccbf62749ebd48a0978f5a184efc7af13af7f283d83a5c505e735faba004ca7b3119b8f64823fdafc22ce874f7d707fef0b581796ede3

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-9L2DD.tmp

MD5 34022369ebe1895f9a58205131209c90
SHA1 023780ce350c880e2a6182ffad8d99761d40c7da
SHA256 95f8df41fdcb322ddae0dc210d3ff345544ff0851e47e9416765bb47c91fc71a
SHA512 51c2fd34fa6b8b3c263682e389984377ecfbb5ded170ef019507644946c106b0d530f1e887238156f7840b300c62a353cd5dd4876f8972bdefb21283705943b0

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-OHBQK.tmp

MD5 08b79a5c95b85af1135e0662c3d2d54a
SHA1 45819b3017e559183cc866b816558c6f5f432dcb
SHA256 0024516ed1f427f917d1b15d5400cfa3a758ace223cda9688eb81063241ead92
SHA512 29a940e7c7f5c9216fe3f1a2bdf445856b0c0a4585fd507ca6e97694e7d873889fae5324a24f9248354a4ec88128bbbf9100f84f7a56609b59d23acf7c9b47f2

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-KCS28.tmp

MD5 de8ca4b5e21616a4ff9e68e04eef55a0
SHA1 c3410d22afd466e6b98d943cc95f2de60d47b782
SHA256 129b014a35486452ac7176fab91054d9315fd2f29b4abe1db52abb78738fc520
SHA512 bd47ca1e571b323295409f7c25de33fd6b3207198fb6942b4e92d6693d276058c8a14445ddd12bf1e1bf927c12fbb74a366f1b3170c5d3705a124afea8457bcc

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-GQKQH.tmp

MD5 b558c6f1a1924abcee3d66e5e6255d15
SHA1 87037625f5f0163fff2a9a4947d1e7706bba2a3d
SHA256 ef8b21c2d978a0ea9e52e4a9c906573ec9c1b045b43f43abb044947b7accb594
SHA512 f02f8b7501138df6bcff3d674e7cb3567c836d0e237508c937834739efc6ba4d3b7b1ca28ee7be2a5fb79685e4bebdb60c04d01ee6c699868a6a2aa2b42132ea

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-U78U6.tmp

MD5 eac67c5f127bcdde3890faaae414ba96
SHA1 1440a709ee1d4d19d9a672a53eadf1ba35817314
SHA256 1e3f0e4ea13b7b96f045b5a426539c1bfd696c3e186cd87a0e7820bb7df8e194
SHA512 e83bde89c444a9d0befd7b7cacfb916aa82064e9304b4dcabdd9fdc988451b0faa961a583da060bf3e635063190859469536f751d3fd7788859f067bea907a86

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-ASQLU.tmp

MD5 5fde1ab832e0ab40da9f39bfffa4598d
SHA1 e6ecb4636c1a080ce27cb3dc3c943726767c1d13
SHA256 499f78a099ccbf3e5d4ae8bea9c950ee4dd11470545edce6546e43e7cb24da8f
SHA512 66d53bf745fa27116f2f0583392c38e9288955acd8d3458fc2475e3e43a71efa3fe6c76c48c6faed7db7cd2edbdb786910bef67133a5847297b399daa7b95877

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-O44HP.tmp

MD5 e6b6d03b796fdf378a4c434f2cb22869
SHA1 5f13fdfb9ec79da7eaa5e89dd0cb9cf5c3f8e913
SHA256 4203c97b67a4fe5e39205e9aae128a644b7313a0f1c5930c30d33306012dbed6
SHA512 8491220283e1a6fbd03746eb6a5dd82ed8f5421c81fd1ee427b0692d2d2825685c4bd009e968751e18d140f0798d9571d0e0f2c4ea44766844940298a7b7eef4

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-6GQFB.tmp

MD5 7ee73406cc0de2741083756320c6d0ae
SHA1 c267eb2f62587d15cf897ace548b48bcfff1715a
SHA256 7ad7451d3b9f2c5fc0432b549e289be702c5520181a5f53cccd17cb95516585f
SHA512 853d12c8d1ee35612487016cd9a04bde7b94fa0d1fd3d7435511a6c942b5c2cb75ef0f236d3c7781487463f437d6f2d34a4385a808c2131a6b5490133c4edf32

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-LIK8P.tmp

MD5 941bdfddf4d2cab06593d8d4edf1cc48
SHA1 bac663ee7dd86123ab97201254e29147759cfb95
SHA256 1b96b5804d260a98124df826dccfe0f4b20e0163a452c619a489235706367f3e
SHA512 9cbfa72697a91fdf6f36b3126436d2e90f3a6314b83c2f69483587f838d991d42630f3973951209d6562b75a0cec9cd7acd3ef41658e460dc24e0f87192aa8fe

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-0TGHH.tmp

MD5 617e01b599993499f030907a4e103643
SHA1 aff2e3df7aa50495115c27bf9585576df3f2f6bf
SHA256 732235b588bc58d867932759ba8d984abdde0561df1129c54b818a87d88faa93
SHA512 0fcc71fe32aba491ef2390b58d0d75cc55065e1b86699fa2387c2e18b4b636ad0c407dbe31bbd2246598c8eea06a88bff5b00305db74b75f9e68fa18cbd2230a

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-9HEK1.tmp

MD5 304ddfb7c5dc9d5b0f174aeab1b1c1fb
SHA1 a1e3e64d7086ea8f38a58a3e9085d70597e1f6d2
SHA256 4eabd08d672cf1dc44192211bb1358eff7c74bf45907e4240f314f5e15900617
SHA512 c1ee3ce6b52f4afdcb418db6105fec0cd44af5265e1d62ee528ed0d3e2470684e87088c102fd9628b2686a3ee4c0f65351ac9b1bfe028ce05af41bc28db4c3b0

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-GCIN8.tmp

MD5 8a49146ed397d24407fcffd1d725030f
SHA1 63a77b868aa21fec71f7411dc7ee8f4e2c8e4fa2
SHA256 38f9cd5ee9997bc03e341b446bc52322ac895a631dc30c02ba79cf4518f4b7cd
SHA512 2d6efcab6eb9f943cc0aea16d6c64df9a73ec71d1673771b1bade5064bfb92d233ed06e4563b6c8a0b63904e5ad092576ad90d8781f794530234d16189e44789

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-RLFA9.tmp

MD5 add876f201782e83c5dc113735b0b528
SHA1 4ab0530b5b82acffce6a50eb310cdac923e4fc28
SHA256 42177e39f957bbdf779469ba8a815ac689a045db67e362823fdb119a09f04e0b
SHA512 d0f70c049ee4c33bae4592632d84eae24d14a4193005330019d69048ae8fd35deba4547d960cbbfe1c0cc015c7d41d00834cea50410ac9c4cb6f17d45698a79e

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-CSJLH.tmp

MD5 87a818a3004d748c86be5c98d37111b0
SHA1 69a6d859d598ba3fd6dc63dd98aae8b5baa2a8a5
SHA256 cbe939ab20b8de5cb6a6791cdcb000e0137c3fe2bce350744958235d024a95c9
SHA512 dc9721beb5de051ddc464f8992438ce4381411c766f2726f7e6a1d0b69197a977fca5cdc84d51dd83e153650598b1ef56882501f7069d6b6498c2f215ce91a78

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-5MPLG.tmp

MD5 89ade203f027a647fad075b20e618c56
SHA1 5bae7cf2e6f955fc0a5f088006a8c398864b24ad
SHA256 13339bd1bd64bf641479e7668d5301232bb655ba037b60e5b95502a582c8d2cf
SHA512 ab097b42a6413552d60bf8a1b757b6b3cf5a8be301912a8a2deb3d53a085eb0891b87b452e1a3f1fd703c5230af49fefbec4c68dfbd2c6e0345910169ea03662

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-0610H.tmp

MD5 24571d09e037d63473aef027c56dd38a
SHA1 7d20889fd727450046a388527dc0b965c2b17bd2
SHA256 264d0592c1b19be8885fa0d85d703857db075a3f37ab0dad73821b61da799765
SHA512 c89b133b1f7804e3a4919456f276e26d34fd584580fa9810707c129c16cc9c6ca217f2d1b5df2629419c97b2284968dec076f226f55b12032d268caf26215654

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\OGG.png

MD5 194c0674578b83323a5ab019d1487689
SHA1 9ee0142bfc4d23478743e7f9225b83ad096729bd
SHA256 ad373f2b63d6090ee1a5612c7af752e33009ab514a20513e2c33d634ded51d01
SHA512 43be32b9ad8786ba04a57c18b734a22bf76ac405d76f46a93e119ee21c59f62b8faf0a6a1fc4b7de2e6c952bab62dd93d8b554934dd2a538ac14cf9c4ab8a6be

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-GKFC1.tmp

MD5 285c60787fce3f399daf38700d33b901
SHA1 93124d0c3dfd33e5fc39d90f3ab4839849fcf00d
SHA256 60dee0cba1c2b8af84d9d46bad9c19e7485638c3a7fe45af5d4ecd8f3114cf48
SHA512 35f41f117ca843f3593108cc02f84f45b2e2950a8e9ee3e3f41b8c08a3f29a6f968de4ccedfadfe59c38967352e151d9d437b962a35d60a9946d851919f49b1d

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-LEF6Q.tmp

MD5 4324734748ba151bcc66e44ad71b8491
SHA1 a1eae445496b82edf7239616422e886cb0e3f7e4
SHA256 8f6a22fe9cc6598b2a26268d5f29ce23a18d6982aa6688ab034198de87e5d52c
SHA512 72a09070ca0e4d1e6bf9f4a167fdab459de4af2f347845397a55f60c2809077485b4465406d8dae318be1d64abaff9bda5253c3d3493fc5214d3f00e018a5efe

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-T020Q.tmp

MD5 1f1d62a0314439912f4dccc7e1516518
SHA1 1ff5fc4ea4d7e92c0b94a874faa67debaed0cfa3
SHA256 7048f2e5b5dc202bc0bb3dcd4403f83030aae0db7971828ca801ce5061b7ec80
SHA512 a9faaa8686d72b9278419228b134aeeca3fce64f12ed4b630a67f06f831fddccfe1608488457bcce611bfcbc6c85a0489b786b1ce48c2d091364019f5c2fea48

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-QM4RD.tmp

MD5 1f2f4bf83f562801fc02d16c6d5df4b3
SHA1 e1afd34acb15ae893d2dbc326199336d6c1f962d
SHA256 f8cc209287b31364f61b2aa69627236a71de8f4f88691ae24e53996d9b9a494e
SHA512 5e43195bdfa8ff906fc352bfec2fabc8e579bb8463d3b119d46c493211c380aab0e993cc7c41baaea478e518888f62fb0986313ee94b8db60ed49ec3aa4b1989

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-1HN2H.tmp

MD5 b7d051173e2bd9260193a3347c7e43d3
SHA1 680f331c0029a033b2a49b710f0af5366d419680
SHA256 34756c0230b598b1744e677f9cfffa3fdd4bcd87bb2943838eb9d6a8ff9ab296
SHA512 43a93b3299041bcf47a0f2b6cf61da52909c37ea66d745c725c1dc0d5560628388e9d8d55071e95f0cb1737d507d681791dd2e864ca9d3d1ba257896d562e356

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-O46L0.tmp

MD5 55b2dc0bf7cd9380aff72824e9545a61
SHA1 d29c627b99c7b2dfe87dbe00b6679d84e3d4412e
SHA256 19c9a8db69aa96ae0ec354e1f6f9da4706f24e2c424fcc2c1a2c65709598dfb7
SHA512 9d9af012c3f10792c8360180eafb6a3e74ad5a9e2f627449283f3eed82ecb4c7505310a17cf7ded09156a3ac31dc255602c36bf69d608408d1f8ce3641074142

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-OVS75.tmp

MD5 278a3f5687d43bc2b0ba94e31a049834
SHA1 e0ec7c1a9207965e59afac4bd0ef061c65945225
SHA256 d51592fa7809634f1f0aec76cb6b18a0662f0e051e3a664a1cb15bbbce8cf77c
SHA512 b02bc8d28d525d3850c9abc754c24bab241f30c730540b3f921d7ad0bb4cca5057ad97b65e5c2ab142cb88f0b71ad10da5552f8905c4b2696a887fb85616a90f

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-65UBE.tmp

MD5 a264982006abc4787448d49c3c89560e
SHA1 ce4c2674de9bbb4f1a710ce44cbfe4087d3206d2
SHA256 51e4eca9cecf8396bf610fce4d436673a208bf90fc955154b54234120d6336ad
SHA512 fea16f8cfb9e7a0d64b5e39528e6e086b39593e80f94d773225e7df871e8892fc1422f93f9b8ed25d8ac18f2f426be2bf339e83c037baccba006371178b5655f

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-MPF67.tmp

MD5 3c26b082f69eeffb24573d8c2bd36a9a
SHA1 9adaf2e7b0b7cca9502aea45451443506db67229
SHA256 fc7ae3a8cc1e1f6c66eac7d3214b8f1d2896b39767ad5675cab6e98c4bed0c6f
SHA512 167db3808fdfa291f3b6939e45db2337b4770606daf7968e10248f92200c50c7a336f927d726a61402210aacba642798ed060a4a7e05a65813b50ce6c713a217

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-EQ91C.tmp

MD5 0d1a54372c17f72c2ec769d89b569313
SHA1 aa2d52de2f6a56dd09bba1a06a66ef65c03955d4
SHA256 58c3c0bc8bc30f326ee968eec403e77c7f6cdda2a58dc27fdf747f5cfa09bcda
SHA512 8329c253bf9b65a6a74879ddbbfd12ec7cb799ef97ed8fc0138bfae745237a3c306573ee7ad0700aab57239fbbece313a150b5f105e986e948b0dbfd5545f5bc

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-LTR7G.tmp

MD5 18b70db13e91b988aec00d34ff082b5a
SHA1 cd3986ddee39b6839418492ab7f0ec54289f7e4a
SHA256 1579e1c94ef4c583413cdac31ffd40013fca8e17faccee23e4d2579523abd79a
SHA512 63117b75c1bcc3cb65c67639662ef83e89dd4e00572f3efebbd0918437977bd897225866da0fb09313bd75bc8aef5bb419026e84b46b62cdbce74f8bb8ae1748

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-4RJFJ.tmp

MD5 0eb5bb6d345503f5b8c24afa5692423a
SHA1 2a7e833b1ef9a0f0abae3cc086e10327aa9a479c
SHA256 929e769e8714be4f082aed3d307a4a5095c749e5a164823a93cbb2dd2df971ea
SHA512 5b50aae584acd7973cdd32b6a046a4b186f54598721d4d1f5e0243c2f9fe84642f95bb3348d516f121cab15f914098e709d5b3d6a0e4f3190e95421b0bd001f0

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-BOPHR.tmp

MD5 a0282c40595cda474d13538d6ca3fe79
SHA1 3f4cbb1af1cc61e659f02ad69da7e2ed5e21b264
SHA256 f2b3cbf98be5818f023416eb32fe0f44cc158adcaa89cd9a59c900974f5731ef
SHA512 31bea84c374af625e8541f7708696c9322fe5940b918076dead749829c067da83a48f135ba4fd26be14216262a2d0893d478fc17658b81a286435e1c3d2241e6

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-1ROGN.tmp

MD5 3d7663371edfbbf9bc8081c7bb8dba23
SHA1 3d1b75639901b6b3081151aa9fe304e8d81af77a
SHA256 921b3d1fd7b6904f8cb33de82719c72a6df966c99b6464e77258b30658b3d68e
SHA512 81aafc2e9b0d712e7246392e258827ebc5b2dee4b3c868fa7cbf186040b99b4eb5250bf8986429cbbcf5944f24698bed87c4ee6364bbddbb498eac961cf31072

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-FLPUO.tmp

MD5 b4bfe6830daf57b35fc52dbd1c8d25e9
SHA1 5c9a3193a50410132edefb62194273f20c4ca677
SHA256 c413f1e28e90282193ab867682a833531c9d9c2074927099df3a22d209506d32
SHA512 67e32a02eed78eaf7cd33d6e686d56858d19c8730161051c89efba803633ea05f0e64b2deef416bf6b3178e3449ad05632387beda4264f7bbc22f48dc405cfe2

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-E9QOA.tmp

MD5 a49154d59e580e15c53ffd3aa5a06c40
SHA1 6ff306d31d2c1d08cdbedd896a393c08969c5bea
SHA256 15d12b87de819c8acecdfafb47affa872e940b0d7a99b22f392a0f0e66ee2bf7
SHA512 89d1f50d679b016b4ac699883042268cfb173d398115566a8ae1493d3ebc42434ded651c52bff6810de8d9879ee6d7fb677ab76234089b4c3ea3dcdfb2b7d7f3

C:\Program Files (x86)\EaseUS\Todo Backup\res\iconView\is-R5D8P.tmp

MD5 69633c06e55eb89f8b5275c176d1b186
SHA1 7a12c64b10faa5d8323683f1c585595cd7cd94cf
SHA256 7086185025773ec011c224be5c34317cfd3d7c82ca7da5fb1330b5d103e8f4f0
SHA512 7e9d0f69a1e63be7a967d786618dbb63fc05a976548bf613e86f9a253fec28091d33379d5af8233cb80dfe23eab4b4df5acf67a93877050465d0594fab9b78e6

C:\Program Files (x86)\EaseUS\Todo Backup\res\scene\is-FSQ85.tmp

MD5 12b019e6fab1464e910917dea26f042d
SHA1 a43e4e5a4964df889cd61a9a4417c87a7b75581e
SHA256 4a56a595783c9c4748930cf3102bbaec25078aad4468a9aef6090267b6cb8d26
SHA512 abae673f23ec7a19770298f744755a6d724735d56d7a7f446f099c8da181a1b6f6d3e9a10305cc7324f8ee7c955652bb9db07f69d0aa20bb58e3baf33c84a4e3

C:\Program Files (x86)\EaseUS\Todo Backup\res\waiting\page\is-ESFKD.tmp

MD5 2d288ed6256c92a30b486a0db2296611
SHA1 6825d7cec607e2e7bce9ec7c4c8756a9dbfa3c7c
SHA256 f3599c19758fddedc23f907487c9bc0b411afc9b17ef5fed9faadc0122de9679
SHA512 7385faa3ec49c9cc0dd45880958f72a726cdacef04ec886b1f5c988a9fb334015bbbfb643164f9ea8924706b68d669b59dbbc76eae67c4b0b6970f8d09cf7676

C:\Program Files (x86)\EaseUS\Todo Backup\res\waiting\page\is-84LE9.tmp

MD5 65ffd05178792a609917708996f384ee
SHA1 b71e5e874ade50a371c8531e2e56c110926d512a
SHA256 a2ebef6f44f1fb3db06136a4ac84573550c741e6ba3a87b99b66a4d4bc77a4a6
SHA512 5df26e7c7dbd5f035f0b9b84e7dfc5f74d667841dea8bb846183ac15dcea1d6ed8a3419c3c534735a3f8c4ffa7c2153a3573674d93bea8d6d582e2f2a74aff96

C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_en_US\bin\cloudlang.ini

MD5 de69dd10ce4a988b4ad1adc0154324d6
SHA1 1e38280eb7d747384a4bae12e18f82411ce2adbd
SHA256 0fec3d27eaeb0525f63ecd18ffb9d2d5bb37ca2f3141c448c663af509adbd0c5
SHA512 06516e75e5a3f566afa4c815c6bec8fb56ff53643015cf74a2a76ef5cdb0dc4d7ca144daa8c91749bfb8a4565e0f411c0195e68437f2229503e9153d0b838b52

C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_en_US\bin\DsBackupConfig.ini

MD5 bb29c529a2fafdbf7b68030ca86f1472
SHA1 04120b957479e69ff6502b7c4cc75fc7e8987613
SHA256 afc4da9b88cc6d6ab6a693468b46223dd4d27a13b49a7ea1a7c757463f3080d7
SHA512 9cee3069a56bb76aa1074700c2a4eb4203e5eea187af26fd38d696b168c335429c64b3cc6d63b33952db68c34ca108309301b1563ebd32aab9c4afc672007401

C:\Program Files (x86)\EaseUS\Todo Backup\multi\res_en_US\bin\SqlBackup.ini

MD5 e0395dcb73063d1abaebe6d6fa7fefb7
SHA1 61d8e63dc09c6f5dafe93ec1205bba22ef645b27
SHA256 91f0ffbf2587a8b4a9d55f48d2bc766c5d86674fd76b7b50b54b35de0b707a63
SHA512 287e31bc33d7d325168b39b74eb2c0a14ce409639d613f9183fbcd749e81c26d74fe19d1a53819f1e9ef2e5ea755726105a4c11f3d77d47bdccd7e7c91268d65

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Loader.exe

MD5 b615a54127ca048420dd68840b6f2abe
SHA1 52fa072b3a143495e0ce335f82326d09ca6692fc
SHA256 232f1241695c62f4e18e87ae2a211e6b0964174a9e44e979fe5d57a28eadb088
SHA512 13709997cf76910ca34957cdd957fa44fa8fa0d09a3296ca255596842d02d880c5fdcdf4fcda8888b13077a7dcf735a324252f122a59bfdb335a2149712d898f

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 c97f1a279d22c1e953becfcb27a12930
SHA1 d603a87835d1e1d3d1e005727a877ca1139bfab1
SHA256 84d4ac9e756fbc328f380ccae7609fc369934d92dbbd8c99894637404f3d427c
SHA512 8254eb453f5a642aa96f46022a9744aa8f450a197dccf29856dfad2f2d5660906a4787ece53d5fbb2b43186d0e8b1867e5086cd574874757fd276f69041074f9

C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\easeusdrv.log

MD5 9df591eff741fcfc2f541a513fa16954
SHA1 42206acb8338f5688ea73e6ea531ccbd86f10099
SHA256 81b7be46f7ed6d754e135d798fc46c530ccf374bd0abb666d5df837785f8f9b4
SHA512 694dfaad91a337a7880253c3c95bb7e19e59e54939c7be599ac32686e0d852186315a81a44d8c88ab35813424174470d44c9e1b385a8819bda71911a4d1460fd

C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\easeusdrv.log

MD5 523e1b22ab5975ef913fdbaab79e224b
SHA1 38b53423fcca3a29273f080f3b66b76ada8555c2
SHA256 cadb11d90d265bdad15e86f0f2515ce79e656707ac1f97275e607e51d98d813a
SHA512 550637eb42530fb8f267b906a640debe508d1594def113252a31e885f09f0825cc76751c0aee28fb8e170aeb8de3d24ae06abd8a0bcf07269e2e698265308c1a

C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\easeusdrv.log

MD5 814bd6f2ce4f0a6ad37e4756ee280192
SHA1 f8d231ec3c576b66db0347314d9bcbb6789b38a0
SHA256 f78da0194370334bd1e8befda75ee192c0cda1f829fc7c86117cff444d32f8aa
SHA512 7728ee92c7b5ab9933106baf4535a40ecc4a30e2f4217ef86eac639086aab21a7ee443466f47f3c3e582674aff9e535777fa5fc983e363f658e7c97276148884

C:\Program Files (x86)\EaseUS\Todo Backup\drv\euimgprt.inf

MD5 d479620907d07c0051906c48abc88f37
SHA1 4d03604958dda1ac63be65239e71ecee384f1870
SHA256 3667132e03e0172fff75d6de245cc04d35b56d0ecd81b6bcfa9e8b225b75f230
SHA512 db8618d674e7c15cf46c0f10f7fa2b3a0c7f1ef53d53ddfc2184feadd27c0c351f5728bba7693dfb0b2fd14c2cf5fc575a67fac684b8b4ab41825781a3ececb2

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tmp_log.log

MD5 07f99708e1f618669c1c4b860629fa67
SHA1 469e2825f31cf05a3f1d2900c50475e8f57d9d7c
SHA256 191ea5962570cd431380dc5217f0d31a043116fa9f0d6aa465028f126a809108
SHA512 fd883ff38fc7eb15f3a96fb830abccbcec5ac26c6250d3a7ef3ee9acc30334bab2d9672f4a67fc532579fab43b7dffa009ee277afd6d0a576941bb40e789c37d

C:\Windows\System32\drivers\SET8EF7.tmp

MD5 3e593d4a279673803993a8584d8c85cd
SHA1 f6d0b384bf6197db78445f57668e3b36b1c73ce3
SHA256 d3a7a5f02c492e64442dcd5e2945633263c11ecec83e6c22fe5005e5d22e7e0d
SHA512 78a7d267761988cce41d018ffdee2c4b6e0ecce998775a02e64d2edd5192a9d5ae408a9364678192971e9abfd1bc6267e1d7d50a04434e129acf477679a29c06

C:\Program Files (x86)\EaseUS\Todo Backup\bin\EUinApp.exe

MD5 221b7e46ebbbca5ecaabf2b3d02bdb7d
SHA1 0b5dbe78a80bbb5d8793aac1e52daa2a31228348
SHA256 3deb0c0ebd6a66ab0e053e62125756e32f3755b7d69ac8f91ddafce8d4854ea9
SHA512 d7019f3e18c5cd121087db24a3b1fbedb50fd81f9d281c0e23c37b6789657e4663280d9ca900b53161cbc4a18290d92ddee540901e6dbd62d506ea18cc27b0a7

C:\Program Files (x86)\EaseUS\Todo Backup\bin\default.ini

MD5 8b981350e8d66091f30fb8eebb71308c
SHA1 518303aa570192c90012861c6a5627e1edf4d36d
SHA256 4344a47c6c9efb4447a738b2c5f9a06a16577d918cdd546f6e3f9afd1f83af66
SHA512 cf3bc8a89a09c84b73d9f2572b949c5da5089849cc71ace67d1846e9f2bfba8954fd79a2168ffd68d3b4bfcb7efcb240b5a9401c81145ce2599b4dd80761e951

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DataFile.ini

MD5 fdc2cf68be67b03404d81c4c51aefb49
SHA1 8ef1d07ac7f1eb2b95e80be03df7a542d7ffefc7
SHA256 1c767882252759e3fd6e1dbf5de132fadf43190d1039364d854127c141fef8d2
SHA512 1d4e8c8404349722af68955ec0d8ad75709bd0459923dc0e18332684b39e4c6cabebbcd7f910e7e31ea12d05811cb245bf40ab16d1719bf4ae89c36ef3e02858

C:\Program Files (x86)\EaseUS\Todo Backup\bin\InfoForSetup.exe

MD5 21ce1adf741319a85e646dc47860c2e9
SHA1 9790cfd09e9c7147364e7340ee1246ff9f6b46c4
SHA256 74eb4703e4004a9bc75ed0799dbe33faadd60a4aa7fd9432cadfa622eb53079a
SHA512 3fe2cd385efba9309c8b0426c425dd87fd9ff8742094ecd8fb04347077cc5288ac78e3261e254daba46fa0c2f0dbe2df5829040ec76b6e1e0fd5bc30cb3d488f

C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunConfig.ini

MD5 eef5dc70c919ab5efd9d9ddef0e70c2e
SHA1 f2da964e46cceeb92b291a4f231002b4dae94364
SHA256 7d915840b3a2218145aa0a849311eb283f550d541b4b9dcd80f0906efd15d95b
SHA512 97fcca1033e57e27f940fe99826e9495822a4e5ee134bcf3dd830014cea6a9247adf19b08de8f2764c9f71754a3d2dad7ed671552865f30b20121faab17423aa

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DataFile.ini

MD5 a58a5d6b3b0bcb9621e2c9fd11e07f53
SHA1 2726c592a108df21249808d4367c4cef8395f98c
SHA256 99fb7b8e2f519e4171a3c6e33541f7c9832f2b60e0801eae81831f3184e245bd
SHA512 2c7abf612639402fd567de8883326d9d7a9d0b3f23eff106e2b20d344be722788755444b31787c9634ea8468283088b3889084b61efb3275c86ffd08ec38a1a5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 69d07c4755a7f58973bf3b5e223477f4
SHA1 461a8030f4a7f31c1d032bfda17042702e6c732e
SHA256 2eefcd41b5116b41570c723cfa8fbd45879273ebf07482184545d07f7b33a755
SHA512 649fa89a1cada541fb074b997350c6251c90094d6903b252da142d52be3193c63d2197d8f5013e59c94114efcaa0ddfadd2d4c7c58bfb09db014404bf8f0b4b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\S2JIM16M\www.easeus[1].xml

MD5 a6af0ad5ca378b84e16a42630b4124a2
SHA1 4f095410b0244d456e36a024faec8e29ecd6ac14
SHA256 2de389264367eeb5a34cebb8d45a6a8104e5bd4876d50fba04aab4cf5ba07c05
SHA512 f9cc3a1ba8f07ace1ab1265d658ca65fa5f1f1ff7b37263481d2ef8fda9c4abdb018cd1b33fbea0ec80c8b2d34a8bd5b2143eacf27510d1c5c549450a8ba04c5

C:\Program Files (x86)\EaseUS\Todo Backup\bin\DataFile.ini

MD5 bb702c118f7d62afe79d442a4027a192
SHA1 150ced8e382ffc934df81140a7865ef5c737dbcd
SHA256 f2fb1477ad8d0f37a7fd2f3cc506809290a633037db0097f9fe0e0201de75084
SHA512 1dc05c0ecd369669a367b0022679f9b7f013a02967d933408e65630e30d5c1b6ba99812d34a8ce0a444d4ddf580e31e1faec04a8914d0aa1313042abb4a91bf3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ALY1BV4Z\update.easeus[1].xml

MD5 cb8aa7aa79ec0917e4337b9f278ce567
SHA1 9b126c48b2f79fa052eab0f3f501f362cabc97bb
SHA256 ff5ae0649f8e69973b43e5bb70db395956f929000fe71f8b8cd86676ff5d030e
SHA512 e8cc788a1dbdee8c8ff103c38f9a79134c9158ffde4127bb1bfed4b78b32e1044fbd29de1e1914f3650254e1f0ac79c17530b5fe7ce2bf64b97af55a1f7af50e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QNE5G42Q\auc_easeus[1].js

MD5 f862478dab963aba87a2d6b17e1c643a
SHA1 1a5bc05fa269a263de2742f5c81059c774a8f3a8
SHA256 448d305ad6e8d6b57c5e4d37afbf26c77bcf2c2548e1fe462772757ee6ccbbe1
SHA512 3fbeaf08578218e0df95cfd85bd9976d60d8b2333ef7d970744bd456717808555ef86bf078b5e9b55cfdcc1b5e81fa04490a9e064146edfc769dde4f2083848d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QNE5G42Q\firebase[1].js

MD5 5c7c77b92a17d16b230842e51aea5b24
SHA1 ef3ab26e73a8634103be51dc1f04544a3ebcae8f
SHA256 54b72ffa6f1231308e4597eaa9124bae6bea356daee51f7e3a3e41fd61f1a21f
SHA512 cc310d77ce4854d8357c26f94e320c049a274766aadf5e7b9750815ebc223c952122b937af5a96b41ec4de0f738d7f4bbd6dc862d80af312e80f0749df1af330

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ALY1BV4Z\update.easeus[1].xml

MD5 e6996dd1e030d7dd521b4bb99246c789
SHA1 628b7cb7231cad3aa241e7d7549c4987d9c923eb
SHA256 9cfe73d04762a019c9bccf3bb3e194485eebaa52dc124a1d393db4135a94e09b
SHA512 bb35a653605f1b342a1c944612bf1e6fbc89b34ba175792ae514a593178ecd01fc0004fc68060810cee39791ee61f71a758560083e0da724cc1044f85b9e1665

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Schedule\euimgprt.ini

MD5 6dc557e140ff4a8d900383caf7b79104
SHA1 0498f97b3edee3b9cbfa49dda6ab955399f3b8d9
SHA256 63e40a611ab4ca26cdab0385e73a4ee1a6ce69664778d6214049519a312a79ad
SHA512 c93c753531eda77047ef2ed26ea7d9ae0343359b6eb1a2b3f43c6d59ce50df0b51e1096d87c1754453936774bd6abd21cf4459384a611da8cd32d3d2dc8bf100

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Schedule\TbLogsysClient.tblog

MD5 1982d70461c6978205501e709e7b9ba8
SHA1 4d59b91feef029e2042efc7d192edeec5ace018b
SHA256 c0e5ef303f03d4346647a4ac11303b6eb7fb00309b96c802d0572c014b6669e5
SHA512 0f586c27c6041037b1be4feca349bfaccab518b7d08b7ce51483f8ec70b4390361db256fa3e9943914eeb7e47472ba8a95077eb5cc4c4fe650b67ad8ac9dd40f

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Schedule\euimgprt.ini

MD5 967caba4b4d7b8a5e3533e6724aed799
SHA1 69291c2ec1a800520ebea7592f32dc9b9a679b9b
SHA256 cd0dee919ca003fb9a8d64484e38560b998729bde92a60c02d446d1c3c3dfd33
SHA512 c78adb8a772284536756292d3f1d5a69951e83756d86f876d8d7c181712a211811f293fad73c039574fcd913c0f9d8a0fb13868e9ddb2e8464048e8cc3c45ccd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ALY1BV4Z\update.easeus[1].xml

MD5 76d245b6fc13acc413a4680cf6465437
SHA1 c7e0a9a3abbc3da6f0d24a08b0f18ec496d0ae33
SHA256 e8765c71f872aa6ee38f964337e12df2f7dfdfb78105357409437a6e341da9d4
SHA512 4f2cb80a04dd42d1c5488372679f441f940cb6f31b586173e44e0dc0dc05a9f7b42cae60dae4a8104e506153c03f77dd13fb28c466992966903e038077985df4

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 4a1cb4ed89c4661bbe9ca54dcbbaa406
SHA1 f82e52a9e2270a723359339fab8592a507aaafa2
SHA256 e22b27def1c2d6fe73960f78ba7037d5347038c2ddcc1297c6c3bc223ce78703
SHA512 3fc99666f667352e0eaf3c0c66546c3b290da9d562e5529516bb3f46b7b61bcc5034fa1dc9878df5ce6ffb5f0c0b64c7e26bfeaa6d3a7f0a3c5524e5541e8437

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 88ebb56fbaf39c9b54d3d1e4db54b94c
SHA1 e0c84e6055f15ef971613e477c437e8e17fbd48b
SHA256 8ecdf9ced3fff2694fa5aadceb9206f6ba9504e372c459bcc3c9c40529c31d5a
SHA512 e6b4bd781f7c863023400d8337680aea36c42eb7284d5e69974b22cfd3fa7a407e21e65af127471c7cf40e6bb933e75ea7726d80eef9035c7b91d87ca0aecacd

C:\Program Files (x86)\EaseUS\Todo Backup\res\UIConfig.ini

MD5 fff71b18160e497d4b3b7c15bd4f8207
SHA1 08260af7e808efb33868a7b4c6cd705639289e01
SHA256 08d2d42a46a5974d84e50be4f8b06f7f6fe6d6344b2071799f28b7843e7655bd
SHA512 4bf0646d36d16f2268de7b419e150771fe3d7acca98de1e490ef70358fdb9a739e9ec27b8a8b6a132dc3f62ab494c2c9aa81f90152284e9c7b11056ee907f98b

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\res\UIConfig.ini

MD5 11ac3f2aeb512bb6884489436d0aff02
SHA1 5ed061c3e6f439315b6549e0f40649493d679d04
SHA256 92e138168b355aa49b3a18226d5b3698d5a82c722cc1ad7b24b81cf9cb04d72d
SHA512 0619d70aa4853d9fc7ef83f209fdd8a468554c796a4c75925a1853a86ffd212bb47e60ed4984410780da5d064ad1c0f0dc3462c09b82d81d336d190adb8c9ed4

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\DataFile.ini

MD5 88c14d8a5d294394bda40b95d5cddd89
SHA1 ec30616ce8e615626d76bad1f1660b613ee029a4
SHA256 5407e93de1bc778bd8ba391513a2a93f7898a19ee0efc47fdcdc2c371f9f73d8
SHA512 84e52f0f4dec624649bb2879103cccbf191b12f920cd3d04abe03abc187948584412d6012f3c9966ca2b3e38c3d5ee7038594946bd852f8b51e0409e00e4ecba

C:\Users\Admin\AppData\Roaming\EaseUSDiskCopy6.0.2\Trial\bin\tmp_log.log

MD5 3f4eff3b80c17800285e9cea0600dba9
SHA1 391ca132d55660766f5a17ab41bdb66dacbfe35f
SHA256 0d67b43feeaf1f222728d0679835167097368ed8a8fd1deb5ec14d95fa6c0949
SHA512 620960e517560191294ff7492ca18cb4f1a57345c957b798ec4b136705e6c726b72325050344b09abef9b34dba21b2c6859307860063d1348b6530a25b5f1678

C:\ProgramData\EaseUS\TrayNotify\trayConfig.ini

MD5 5eb0753be84d470be0248f5d14350b41
SHA1 aa16523286a8f2d0f9962a3a4369129cd138bc3b
SHA256 d1d06a3652741bc7202dd2222ddce32b9274e48ae457bbdc950d8bf63243f2e0
SHA512 25e233811c3f47b755db5e349512219409e5e5ebcc46e81da45b362a07bac5d882bbd310babb4973ab52c8f6be60d214f0abf42889b29c1fea6fd2c79cc4f926

C:\Program Files (x86)\EaseUS\Todo Backup\bin\default.ini.lock

MD5 343cd26910772c3fca154093e47e5d57
SHA1 a1ea99d9ed8d2f8381a31d0bdc74c0c2c3199339
SHA256 337f1e979ce64d65ba8206d2287dafc28c49fe7644e49ccf7192a310b1c26aad
SHA512 4a931cfdf70a68a440c77257a828f443ab4877f681deefb4883f40ccb50f788c296d613113fee01b0842525de25c5398ad88df3ef04b034615c89f319535f63b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB7FCB2E0B758DC47.TMP

MD5 d3cdb7663712ddb6ef5056c72fe69e86
SHA1 f08bf69934fb2b9ca0aba287c96abe145a69366c
SHA256 3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15
SHA512 c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 162400e019b592f04d690261bd11ab3d
SHA1 235043e9b4810178d194e6c8b26efcc43466b043
SHA256 f64852e441f73490e9db157089394e558a23463b65679ae6458b25fc2ffd3dd5
SHA512 9a039ec6474a95c79503d552e88a89b793f1024f415c7743281be5f8dc2e2b8d5d855f9bd7f60112df4acb9defe85287a1ad1320d364e0c6337893cccebd5e6d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

MD5 65e6beba1443276357471a585f507244
SHA1 3a7f1dea622d4f15870cde9959575ed44bec4458
SHA256 607cf3f42672a4ccb49b52d2a6469ad675adc39d3a3036b0b6638f1aa9ed0aa8
SHA512 2fc4935e4a8d1dac406a58d4d60c5840ff1275cab5d5eff8372a7989b9ab1382babdced4a54e267a56b859359130b31219dfe35a3554c2fe516070b868163f5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MOQY2KJ2\microsoft.windows[1].xml

MD5 84b7c4690f63511549fcd09051686efb
SHA1 fe3af98a7c3ec1df582e49c5068ac693c5fab153
SHA256 b27285d3ba18f60ed462a22a42ad437f0902b9af242019978bd9708dd20dc41c
SHA512 8787a0411eca8a8aec6a7341ff306e8ef1031e63d40ee41c8f2cba39f845ff123b9cc3862016b254e880c31d347aa56d6deb9b62137c9958a002bacd58310ccf

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-09 12:48

Reported

2024-08-09 13:19

Platform

win10v2004-20240802-en

Max time kernel

1799s

Max time network

1140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.fcofix.org udp
US 172.67.202.35:443 api.fcofix.org tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 35.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 96.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-09 12:48

Reported

2024-08-09 13:19

Platform

win11-20240802-en

Max time kernel

1799s

Max time network

1488s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe

"C:\Users\Admin\AppData\Local\Temp\MSEdgeRedirect.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.fcofix.org udp
US 104.21.69.4:443 api.fcofix.org tcp
US 8.8.8.8:53 4.69.21.104.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A