Malware Analysis Report

2024-12-07 02:47

Sample ID 241111-rth5zatlhl
Target rufus-4.6p.exe
SHA256 8279696c1d78b14618500e9135886a3667b9decc65946f3729002e4bfdbb20ab
Tags
upx wannacry defense_evasion discovery evasion execution impact motw persistence phishing ransomware spyware stealer trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8279696c1d78b14618500e9135886a3667b9decc65946f3729002e4bfdbb20ab

Threat Level: Known bad

The file rufus-4.6p.exe was found to be: Known bad.

Malicious Activity Summary

upx wannacry defense_evasion discovery evasion execution impact motw persistence phishing ransomware spyware stealer trojan worm

Wannacry family

Wannacry

Deletes shadow copies

Modifies file permissions

A potential corporate email address has been identified in the URL: [email protected]

Drops startup file

A potential corporate email address has been identified in the URL: [email protected]

Enumerates connected drives

Downloads MZ/PE file

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Legitimate hosting services abused for malware hosting/C2

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Sets desktop wallpaper using registry

YARA rule for Mozi IoT Botnet

Drops file in Program Files directory

Drops file in Windows directory

Executes dropped EXE

Loads dropped DLL

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Checks whether UAC is enabled

Reads user/profile data of web browsers

NTFS ADS

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies registry key

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 14:29

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 14:29

Reported

2024-11-11 14:46

Platform

win10ltsc2021-20241023-en

Max time kernel

1049s

Max time network

1051s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe"

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDEA1A.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDEA31.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\crprhppmuiqza511 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\@[email protected] N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

YARA rule for Mozi IoT Botnet

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5e8a1874-db19-4786-b10d-8da069a95b46.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241111143034.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\logs\StorGroupPolicy.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\logs\StorGroupPolicy.log C:\Windows\system32\svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A

Browser Information Discovery

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0\NodeSlot = "10" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1 = 78003100000000006b59ca741100557365727300640009000400efbe874f77486b59ca742e000000fd0100000000010000000000000000003a00000000000829150155007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000020000000300000001000000ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000004000000000000000200000003000000ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4074627901-37362009-3519777259-1000\{BA6CE0BB-0C50-4104-844F-10EE5CC33389} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 02000000000000000300000001000000ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0 = 84003100000000006b59cb741300444f574e4c4f7e3100006c0009000400efbe575938726b59cb742e00000004090400000002000000000000000000420000000000031f9f0044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 840350.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 170087.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4412 wrote to memory of 2276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 1540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2276 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe

"C:\Users\Admin\AppData\Local\Temp\rufus-4.6p.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a379abb-07a3-4216-acd0-6c65dc62660e} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4cceb2a-6264-4df0-8688-d1150e581dd0} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2728 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2536 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced5137f-49ef-406d-8820-aec6befac05f} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -childID 2 -isForBrowser -prefsHandle 2704 -prefMapHandle 1524 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66bc6577-6760-445b-ada1-6ce267296598} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4836 -prefMapHandle 4832 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a408db5-646f-45dc-9172-9b82d6abc7fa} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b80f280-67a2-49e9-b9cb-f57e87acb853} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4531d724-49b2-409e-9213-4f867a7f0c77} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5844 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2605187-990f-46ba-8609-9498048499e1} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 6 -isForBrowser -prefsHandle 5972 -prefMapHandle 5976 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac9b3ab-3e96-4e1d-bac1-91d0e71cc0be} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff8ec7746f8,0x7ff8ec774708,0x7ff8ec774718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff673a35460,0x7ff673a35470,0x7ff673a35480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6728 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 245951731335897.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "crprhppmuiqza511" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "crprhppmuiqza511" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300 0x408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8140 /prefetch:8

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7868 /prefetch:8

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7804 /prefetch:8

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7034087329360190534,564570543998073982,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7428 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4644 -childID 7 -isForBrowser -prefsHandle 5200 -prefMapHandle 1252 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a901d067-fd57-43ab-8750-da7a78384f8a} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4976 -childID 8 -isForBrowser -prefsHandle 4048 -prefMapHandle 4740 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a86bcc0-c4ae-49e3-b5ba-c68b9471842a} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 9 -isForBrowser -prefsHandle 5868 -prefMapHandle 5584 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc7874d-9e53-4fc6-8c96-6146cab31df2} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 10 -isForBrowser -prefsHandle 6776 -prefMapHandle 6772 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {763c3522-8a2b-421a-84b9-b7c1f6d2a044} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7084 -parentBuildID 20240401114208 -prefsHandle 6756 -prefMapHandle 7096 -prefsLen 30911 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf6545e-8e1b-4d0b-877c-a6e0a0518cfc} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7244 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7236 -prefMapHandle 7232 -prefsLen 30911 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff7db0e-0bc3-4596-97ff-c08433688594} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7472 -childID 11 -isForBrowser -prefsHandle 7448 -prefMapHandle 7392 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b864d23e-e795-440f-8091-aaa56f64ffda} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7400 -childID 12 -isForBrowser -prefsHandle 7704 -prefMapHandle 7632 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de7cab1-5fac-4ef4-a5c3-8ae7f7dea31b} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6980 -childID 13 -isForBrowser -prefsHandle 6672 -prefMapHandle 7580 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1c3c70-0f2a-4be3-983f-e0c8e35d8946} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7948 -childID 14 -isForBrowser -prefsHandle 7648 -prefMapHandle 6748 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b875acb3-0c83-4aec-9a59-c1a0f55696ba} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6824 -childID 15 -isForBrowser -prefsHandle 5856 -prefMapHandle 6700 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cffc8ad-e80f-439c-bf87-b4b79b5aee6b} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7956 -childID 16 -isForBrowser -prefsHandle 6800 -prefMapHandle 6816 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d704a422-efdd-4b48-971a-2dd05008929f} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8504 -childID 17 -isForBrowser -prefsHandle 8372 -prefMapHandle 8384 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {787dbbd1-7587-4cc9-881f-be0ab0fa4df9} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8120 -childID 18 -isForBrowser -prefsHandle 8132 -prefMapHandle 7976 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8197fb8-f9fd-4df3-b6d8-97f49ee4a699} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8828 -childID 19 -isForBrowser -prefsHandle 8824 -prefMapHandle 7068 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3238929b-a68f-4ff2-9b0d-89aab9462ad6} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8256 -childID 20 -isForBrowser -prefsHandle 7956 -prefMapHandle 5860 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7bbfffc-237b-408c-9a7e-44019594f993} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8784 -childID 21 -isForBrowser -prefsHandle 8084 -prefMapHandle 8112 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ed47b4-ab18-4f04-8ad0-dd2e15b36640} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8056 -childID 22 -isForBrowser -prefsHandle 9020 -prefMapHandle 9028 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2b300d8-41a4-4700-a247-562ff901e3ee} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9212 -childID 23 -isForBrowser -prefsHandle 8056 -prefMapHandle 9028 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3aa5c7e4-3a9a-4fdc-939d-b87c8b26f542} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8652 -childID 24 -isForBrowser -prefsHandle 6836 -prefMapHandle 8708 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fb5f73c-564c-4e63-8279-3039fc63871d} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9072 -childID 25 -isForBrowser -prefsHandle 8292 -prefMapHandle 7092 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ee765d1-94d1-4398-8478-8e976c630c03} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8808 -childID 26 -isForBrowser -prefsHandle 5168 -prefMapHandle 8348 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f316653-bb1a-4201-bc21-b3b71b589dd6} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8844 -childID 27 -isForBrowser -prefsHandle 8112 -prefMapHandle 9452 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc7d734-260f-40d7-b8ae-b0ead8c742eb} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" tab

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
N/A 127.0.0.1:49856 tcp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 149.234.200.54.in-addr.arpa udp
N/A 127.0.0.1:49867 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 92.123.128.139:443 www.bing.com tcp
GB 92.123.128.139:443 www.bing.com tcp
US 8.8.8.8:53 139.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigl6ned.gvt1.com udp
GB 173.194.183.71:443 r2---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigl6ned.gvt1.com udp
GB 173.194.183.71:443 r2.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 71.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.185:443 th.bing.com tcp
GB 92.123.128.175:443 r.bing.com tcp
GB 92.123.128.175:443 r.bing.com tcp
GB 92.123.128.185:443 th.bing.com tcp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 175.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 linuxmint.com udp
US 192.124.249.53:443 linuxmint.com tcp
US 192.124.249.53:443 linuxmint.com tcp
US 8.8.8.8:53 www.linuxmint.com udp
US 8.8.8.8:53 53.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 mirrors.cicku.me udp
US 104.18.130.116:443 mirrors.cicku.me tcp
US 104.18.130.116:443 mirrors.cicku.me tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 116.130.18.104.in-addr.arpa udp
N/A 239.255.255.250:3702 udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
N/A 239.255.255.250:3702 udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.146:443 th.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.146:443 th.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
RO 37.221.162.226:9001 tcp
US 154.35.175.225:443 tcp
N/A 127.0.0.1:53531 tcp
SE 171.25.193.9:80 tcp
US 8.8.8.8:53 9.193.25.171.in-addr.arpa udp
FR 78.138.98.42:9001 tcp
US 8.8.8.8:53 42.98.138.78.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.164:443 th.bing.com tcp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 reviewed.app udp
US 50.31.176.119:443 reviewed.app tcp
US 50.31.176.119:443 reviewed.app tcp
US 50.31.176.119:443 reviewed.app udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 119.176.31.50.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.29.10:443 bat.bing.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.201.110:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 10.29.171.150.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 216.58.212.194:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 216.58.212.206:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 172.217.16.226:443 partner.googleadservices.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
GB 216.58.212.206:443 syndicatedsearch.goog udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 216.58.201.110:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 clients1.google.com udp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 afs.googleusercontent.com udp
GB 216.58.213.1:443 afs.googleusercontent.com tcp
GB 216.58.213.1:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 pcappstore.com udp
US 142.93.198.240:443 pcappstore.com tcp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.198.93.142.in-addr.arpa udp
US 142.93.198.240:443 pcappstore.com tcp
US 142.93.198.240:443 pcappstore.com tcp
US 142.93.198.240:443 pcappstore.com tcp
US 142.93.198.240:443 pcappstore.com tcp
US 142.93.198.240:443 pcappstore.com tcp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 142.93.198.240:443 pcappstore.com tcp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 181.127.35.161.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
IN 142.250.199.195:443 csi.gstatic.com tcp
IN 142.250.199.195:443 csi.gstatic.com tcp
US 8.8.8.8:53 repcdn.pcapp.store udp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 195.199.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.2.93.185.in-addr.arpa udp
US 50.31.176.119:443 reviewed.app udp
GB 216.58.201.110:443 clients1.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 x.urs.microsoft.com udp
GB 172.165.61.93:443 x.urs.microsoft.com tcp
US 8.8.8.8:53 p4-fq7eh5bgyyytk-kmutmagfsckf6agm-if-v6exp3-v4.metric.gstatic.com udp
GB 142.250.180.3:443 p4-fq7eh5bgyyytk-kmutmagfsckf6agm-if-v6exp3-v4.metric.gstatic.com tcp
GB 142.250.180.3:443 p4-fq7eh5bgyyytk-kmutmagfsckf6agm-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 92.123.128.138:443 r.bing.com tcp
US 8.8.8.8:53 138.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 en.breakflip.net udp
US 104.21.77.72:443 en.breakflip.net tcp
US 104.21.77.72:443 en.breakflip.net tcp
US 8.8.8.8:53 www.flashb.id udp
US 8.8.8.8:53 fastcmp.com udp
US 8.8.8.8:53 cdn.viously.com udp
US 104.18.28.119:443 www.flashb.id tcp
US 104.18.9.229:443 fastcmp.com tcp
US 8.8.8.8:53 assets.respawn.fr udp
US 104.22.43.169:443 cdn.viously.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.pushmaster-cdn.xyz udp
US 104.21.8.192:443 assets.respawn.fr tcp
US 104.26.14.80:443 cdn.pushmaster-cdn.xyz tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 72.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 119.28.18.104.in-addr.arpa udp
US 8.8.8.8:53 229.9.18.104.in-addr.arpa udp
US 8.8.8.8:53 169.43.22.104.in-addr.arpa udp
US 8.8.8.8:53 192.8.21.104.in-addr.arpa udp
US 8.8.8.8:53 80.14.26.104.in-addr.arpa udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 sonar.viously.com udp
US 8.8.8.8:53 sync.sparteo.com udp
GB 151.101.188.157:443 platform.twitter.com tcp
US 104.18.31.80:443 sync.sparteo.com tcp
FR 185.141.128.150:443 sonar.viously.com tcp
US 8.8.8.8:53 e.viously.com udp
FR 185.141.128.152:443 e.viously.com tcp
FR 185.141.128.152:443 e.viously.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 150.128.141.185.in-addr.arpa udp
US 8.8.8.8:53 80.31.18.104.in-addr.arpa udp
US 8.8.8.8:53 152.128.141.185.in-addr.arpa udp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 104.21.77.72:443 en.breakflip.net tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
GB 2.23.204.244:443 ads.pubmatic.com tcp
US 104.18.36.155:443 ssum.casalemedia.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 244.204.23.2.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 pbsj.bricks-co.com udp
US 104.18.18.35:443 pbsj.bricks-co.com tcp
US 104.18.18.35:443 pbsj.bricks-co.com tcp
US 104.18.18.35:443 pbsj.bricks-co.com tcp
US 104.18.18.35:443 pbsj.bricks-co.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.adotmob.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
DE 148.251.20.73:443 sync.richaudience.com tcp
IE 52.48.27.149:443 ad.360yield.com tcp
NL 89.149.192.197:443 ssbsync-global.smartadserver.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 148.251.20.73:443 sync.richaudience.com tcp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 36.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 35.18.18.104.in-addr.arpa udp
US 8.8.8.8:53 57.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 197.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 149.27.48.52.in-addr.arpa udp
US 8.8.8.8:53 73.20.251.148.in-addr.arpa udp
US 8.8.8.8:53 gum.aidemsrv.com udp
DE 52.85.92.32:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.18.7.198:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 52.44.40.191:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 player.aniview.com udp
DE 51.89.9.251:443 onetag-sys.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 2.19.117.84:443 player.aniview.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 50.17.90.156:443 api-2-0.spot.im tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 sync.aniview.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 64.74.236.95:443 b1sync.zemanta.com tcp
US 64.74.236.95:443 b1sync.zemanta.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 23.192.21.141:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 172.240.45.96:443 sync.aniview.com tcp
NL 35.214.179.225:443 csync.loopme.me tcp
US 54.88.211.52:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 sync-service.net udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 rtb.bid.com udp
IE 34.243.22.248:443 ap.lijit.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
NL 35.214.179.225:443 csync.loopme.me tcp
US 8.8.8.8:53 id.rlcdn.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
IE 52.31.108.193:443 jadserve.postrelease.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 32.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 191.40.44.52.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 141.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 156.90.17.50.in-addr.arpa udp
US 8.8.8.8:53 95.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 52.211.88.54.in-addr.arpa udp
US 8.8.8.8:53 248.22.243.34.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 bttrack.com udp
DE 18.155.153.108:80 crt.rootg2.amazontrust.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 193.108.31.52.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 108.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 prebidtest.zemanta.com udp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
DK 37.157.5.141:443 c1.adform.net tcp
GB 2.23.220.28:443 hbx.media.net tcp
US 104.22.30.209:443 csync.smilewanted.com tcp
US 172.67.36.125:443 prebidtest.zemanta.com tcp
US 8.8.8.8:53 ce.lijit.com udp
DE 18.155.145.63:443 s.ad.smaato.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
IE 52.214.230.24:443 ce.lijit.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 125.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 141.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 24.230.214.52.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 client.wns.windows.com udp
GB 20.90.153.243:443 client.wns.windows.com tcp
US 8.8.8.8:53 in.pushmaster-in.xyz udp
SE 13.53.155.131:443 in.pushmaster-in.xyz tcp
US 8.8.8.8:53 243.153.90.20.in-addr.arpa udp
US 8.8.8.8:53 131.155.53.13.in-addr.arpa udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 sync.inmobi.com udp
FR 163.5.194.30:443 prebid.a-mo.net tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 20.33.55.12:443 sync.inmobi.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 20.33.55.12:443 sync.inmobi.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 30.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 72.200.67.103.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 12.55.33.20.in-addr.arpa udp
FR 185.141.128.152:443 e.viously.com tcp
US 8.8.8.8:53 girhub.com udp
US 173.239.5.6:80 girhub.com tcp
US 173.239.5.6:80 girhub.com tcp
US 8.8.8.8:53 6.5.239.173.in-addr.arpa udp
US 8.8.8.8:53 srchassist.com udp
US 165.22.38.5:80 srchassist.com tcp
US 165.22.38.5:80 srchassist.com tcp
US 8.8.8.8:53 todolistchecker.com udp
US 64.225.9.194:443 todolistchecker.com tcp
US 64.225.9.194:443 todolistchecker.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 5.38.22.165.in-addr.arpa udp
US 8.8.8.8:53 194.9.225.64.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.17:443 csp.withgoogle.com tcp
US 34.1.233.117:443 csync.loopme.me tcp
US 34.1.233.117:443 csync.loopme.me tcp
US 8.8.8.8:53 17.200.250.142.in-addr.arpa udp
NL 35.214.176.79:443 csync.loopme.me tcp
NL 35.214.176.79:443 csync.loopme.me tcp
US 8.8.8.8:53 microsoftedge.microsoft.com udp
US 13.107.6.203:443 microsoftedge.microsoft.com tcp
US 13.107.6.203:443 microsoftedge.microsoft.com tcp
US 8.8.8.8:53 edgestorewebpme.azureedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 23.192.22.93:443 www.microsoft.com tcp
US 13.107.253.65:443 edgestorewebpme.azureedge.net tcp
US 8.8.8.8:53 extensions-loader.azurewebsites.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 statics-marketingsites-eas-ms-com.akamaized.net udp
US 8.8.8.8:53 203.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 93.22.192.23.in-addr.arpa udp
US 8.8.8.8:53 65.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.253.65:443 mem.gfx.ms tcp
US 23.192.22.93:443 www.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.253.65:443 mem.gfx.ms tcp
US 13.107.246.65:443 js.monitor.azure.com tcp
US 8.8.8.8:53 163.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 ratingsedge.rnr.microsoft.com udp
IE 40.69.197.87:443 ratingsedge.rnr.microsoft.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 13.107.246.65:443 acctcdn.msauth.net tcp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 65.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 49.22.192.23.in-addr.arpa udp
US 8.8.8.8:53 87.197.69.40.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
IE 20.50.80.209:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 104.208.16.91:443 browser.events.data.microsoft.com tcp
US 104.208.16.91:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp
US 34.1.239.18:443 csync.loopme.me tcp
US 34.1.239.18:443 csync.loopme.me tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 extensions-loader.azurewebsites.net udp
US 173.239.5.6:80 girhub.com tcp
US 173.239.5.6:80 girhub.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 ww9.girhub.com udp
US 76.223.26.96:80 ww9.girhub.com tcp
US 76.223.26.96:80 ww9.girhub.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 ifdnzact.com udp
US 8.8.8.8:53 www.afternic.com udp
US 208.91.196.46:80 ifdnzact.com tcp
US 8.8.8.8:53 30.178.53.185.in-addr.arpa udp
US 8.8.8.8:53 96.26.223.76.in-addr.arpa udp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 46.196.91.208.in-addr.arpa udp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 microsoftedge.msiserver.lan udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 microsoftedge.msiserver.lan udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 www.mydomainbuy.com udp
IE 108.129.65.43:80 www.mydomainbuy.com tcp
IE 108.129.65.43:443 www.mydomainbuy.com tcp
US 8.8.8.8:53 43.65.129.108.in-addr.arpa udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 girhub.com udp
US 173.239.5.6:80 girhub.com tcp
US 173.239.5.6:80 girhub.com tcp
US 8.8.8.8:53 girhub.com udp
US 8.8.8.8:53 ww9.girhub.com udp
US 76.223.26.96:80 ww9.girhub.com tcp
US 8.8.8.8:53 888950.parkingcrew.net udp
US 8.8.8.8:53 888950.parkingcrew.net udp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 c.parkingcrew.net udp
US 8.8.8.8:53 ifdnzact.com udp
US 208.91.196.46:80 ifdnzact.com tcp
US 8.8.8.8:53 ifdnzact.com udp
US 8.8.8.8:53 www.afternic.com udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
GB 95.100.104.16:443 e126871.dsca.akamaiedge.net tcp
US 8.8.8.8:53 16.104.100.95.in-addr.arpa udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 c.parkingcrew.net udp
US 208.91.196.46:80 ifdnzact.com tcp
US 173.239.5.6:80 girhub.com tcp
US 173.239.5.6:80 girhub.com tcp
DE 185.53.178.30:80 c.parkingcrew.net tcp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 208.91.196.46:80 ifdnzact.com tcp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.213.17:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.17:443 csp.withgoogle.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 17.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 172.217.169.65:443 tpc.googlesyndication.com tcp
GB 172.217.169.65:443 tpc.googlesyndication.com tcp
GB 172.217.169.65:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 172.217.169.65:443 tpc.googlesyndication.com udp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 id.google.com udp
GB 216.58.213.17:443 csp.withgoogle.com udp
US 142.250.72.163:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 163.72.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 142.250.72.163:443 id.google.com udp
GB 216.58.212.246:443 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.180.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.180.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 www.10bestvpn.co.uk udp
US 107.180.118.47:443 www.10bestvpn.co.uk tcp
US 8.8.8.8:53 10bestvpn.co.uk udp
US 8.8.8.8:53 10bestvpn.co.uk udp
US 107.180.118.47:443 10bestvpn.co.uk tcp
US 8.8.8.8:53 47.118.180.107.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 www.cyberghostvpn.com udp
US 104.20.175.46:443 www.cyberghostvpn.com tcp
US 8.8.8.8:53 www.cyberghostvpn.com udp
US 8.8.8.8:53 www.cyberghostvpn.com udp
US 104.20.175.46:443 www.cyberghostvpn.com udp
US 8.8.8.8:53 46.175.20.104.in-addr.arpa udp
US 8.8.8.8:53 s3.eu-west-1.amazonaws.com udp
IE 52.92.36.200:443 s3.eu-west-1.amazonaws.com tcp
US 8.8.8.8:53 s3.eu-west-1.amazonaws.com udp
US 8.8.8.8:53 lplandmedia.supreme.tools udp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 8.8.8.8:53 lplandmedia.supreme.tools udp
US 8.8.8.8:53 s3.eu-west-1.amazonaws.com udp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 104.18.8.46:443 lplandmedia.supreme.tools tcp
US 8.8.8.8:53 200.36.92.52.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 assets.cyberghostvpn.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 lplandmedia.supreme.tools udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 151.101.130.137:443 code.jquery.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 assets.cyberghostvpn.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.20.1.14:443 assets.cyberghostvpn.com tcp
US 8.8.8.8:53 cdn.mouseflow.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.20.1.14:443 assets.cyberghostvpn.com tcp
US 104.20.1.14:443 assets.cyberghostvpn.com tcp
US 8.8.8.8:53 assets.cyberghostvpn.com udp
US 8.8.8.8:53 cdn.mouseflow.com.cdn.cloudflare.net udp
US 104.18.8.46:443 lplandmedia.supreme.tools udp
US 8.8.8.8:53 cdn.mouseflow.com.cdn.cloudflare.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.20.1.14:443 assets.cyberghostvpn.com udp
US 8.8.8.8:53 kapetracking.com udp
US 45.55.107.35:443 kapetracking.com tcp
US 8.8.8.8:53 kapetracking.com udp
US 8.8.8.8:53 kapetracking.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
US 104.18.26.50:443 cdn.mouseflow.com.cdn.cloudflare.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 api.usercentrics.eu udp
US 8.8.8.8:53 46.8.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 137.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 14.1.20.104.in-addr.arpa udp
US 8.8.8.8:53 35.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 50.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 api.usercentrics.eu udp
US 35.241.3.184:443 api.usercentrics.eu tcp
US 35.241.3.184:443 api.usercentrics.eu tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 104.18.26.50:443 cdn.mouseflow.com.cdn.cloudflare.net udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 35.241.3.184:443 api.usercentrics.eu udp
GB 216.58.204.67:443 www.google.co.uk udp
US 35.241.3.184:443 api.usercentrics.eu udp
US 8.8.8.8:53 app.usercentrics.eu udp
US 35.190.14.188:443 app.usercentrics.eu tcp
US 35.190.14.188:443 app.usercentrics.eu tcp
US 8.8.8.8:53 app.usercentrics.eu udp
US 8.8.8.8:53 app.usercentrics.eu udp
US 35.190.14.188:443 app.usercentrics.eu udp
US 8.8.8.8:53 aggregator.service.usercentrics.eu udp
US 34.120.28.121:443 aggregator.service.usercentrics.eu tcp
US 34.120.28.121:443 aggregator.service.usercentrics.eu tcp
US 8.8.8.8:53 aggregator.service.usercentrics.eu udp
US 8.8.8.8:53 aggregator.service.usercentrics.eu udp
US 8.8.8.8:53 184.3.241.35.in-addr.arpa udp
US 8.8.8.8:53 121.28.120.34.in-addr.arpa udp
US 34.120.28.121:443 aggregator.service.usercentrics.eu udp
US 8.8.8.8:53 graphql.usercentrics.eu udp
US 34.120.238.166:443 graphql.usercentrics.eu tcp
US 34.120.238.166:443 graphql.usercentrics.eu tcp
US 8.8.8.8:53 graphql.usercentrics.eu udp
US 8.8.8.8:53 graphql.usercentrics.eu udp
US 34.120.238.166:443 graphql.usercentrics.eu udp
US 8.8.8.8:53 166.238.120.34.in-addr.arpa udp
US 34.120.238.166:443 graphql.usercentrics.eu udp
US 8.8.8.8:53 consents.usercentrics.eu udp
US 34.117.78.32:443 consents.usercentrics.eu tcp
US 8.8.8.8:53 consents.usercentrics.eu udp
US 34.117.78.32:443 consents.usercentrics.eu tcp
US 8.8.8.8:53 consents.usercentrics.eu udp
US 34.117.78.32:443 consents.usercentrics.eu udp
US 34.120.28.121:443 aggregator.service.usercentrics.eu udp
US 8.8.8.8:53 32.78.117.34.in-addr.arpa udp
US 8.8.8.8:53 www.clickcease.com udp
US 8.8.8.8:53 d2no1x7oj2rkdb.cloudfront.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
DE 54.230.206.12:443 d2no1x7oj2rkdb.cloudfront.net tcp
US 8.8.8.8:53 d2no1x7oj2rkdb.cloudfront.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 12.206.230.54.in-addr.arpa udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com tcp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.afternic.com udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
GB 95.100.104.30:443 e126871.dsca.akamaiedge.net tcp
US 8.8.8.8:53 30.104.100.95.in-addr.arpa udp
US 8.8.8.8:53 upera.com udp
US 8.8.8.8:53 www.upera.com udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.213.17:443 csp.withgoogle.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
US 173.239.5.6:80 girhub.com tcp
US 8.8.8.8:53 girhub.com udp
US 8.8.8.8:53 ww9.girhub.com udp
US 76.223.26.96:80 ww9.girhub.com tcp
US 8.8.8.8:53 888950.parkingcrew.net udp
US 8.8.8.8:53 888950.parkingcrew.net udp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 c.parkingcrew.net udp
US 8.8.8.8:53 c.parkingcrew.net udp
US 208.91.196.46:80 ifdnzact.com tcp
US 8.8.8.8:53 ifdnzact.com udp
US 8.8.8.8:53 www.afternic.com udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
GB 216.58.212.246:443 i.ytimg.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 216.58.213.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com tcp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 216.58.213.1:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
GB 172.217.16.238:443 encrypted-tbn1.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 otx.alienvault.com udp
DE 52.85.92.126:443 otx.alienvault.com tcp
US 8.8.8.8:53 otx.alienvault.com udp
US 8.8.8.8:53 otx.alienvault.com udp
DE 52.85.92.126:443 otx.alienvault.com tcp
DE 52.85.92.126:443 otx.alienvault.com tcp
DE 52.85.92.126:443 otx.alienvault.com tcp
DE 52.85.92.126:443 otx.alienvault.com tcp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 sjrtp3-cdn.marketo.com udp
US 8.8.8.8:53 cdn.walkme.com udp
US 8.8.8.8:53 cdn.bizible.com udp
US 8.8.8.8:53 cdn5.alienvault.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 23.44.65.252:443 cdn.walkme.com tcp
US 8.8.8.8:53 e12923.a.akamaiedge.net udp
FR 152.195.15.58:443 cdn.bizible.com tcp
US 8.8.8.8:53 fp2c5c.wac.kappacdn.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 104.16.64.67:443 cdn5.alienvault.com tcp
US 8.8.8.8:53 cdn5.alienvault.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 e12923.a.akamaiedge.net udp
US 8.8.8.8:53 fp2c5c.wac.kappacdn.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn5.alienvault.com udp
US 8.8.8.8:53 e8999.b.akamaiedge.net udp
US 8.8.8.8:53 cdn-cybersecurity.att.com udp
DE 18.155.145.20:443 cdn-cybersecurity.att.com tcp
US 8.8.8.8:53 d2tobj9dlmyzd8.cloudfront.net udp
US 8.8.8.8:53 d2tobj9dlmyzd8.cloudfront.net udp
DE 52.85.92.126:443 otx.alienvault.com tcp
US 8.8.8.8:53 252.65.44.23.in-addr.arpa udp
US 8.8.8.8:53 67.64.16.104.in-addr.arpa udp
US 8.8.8.8:53 20.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.bizibly.com udp
FR 152.195.15.58:443 cdn.bizibly.com tcp
GB 2.19.117.135:443 a1916.dscg2.akamai.net tcp
GB 23.43.66.156:443 e8999.b.akamaiedge.net tcp
DE 18.155.153.43:443 cdn.amplitude.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
US 8.8.8.8:53 135.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 156.66.43.23.in-addr.arpa udp
US 8.8.8.8:53 43.153.155.18.in-addr.arpa udp
US 44.237.188.58:443 api.amplitude.com tcp
US 44.237.188.58:443 api.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 58.188.237.44.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 17ebook.com udp
US 208.91.196.152:80 17ebook.com tcp
US 208.91.196.152:80 17ebook.com tcp
US 8.8.8.8:53 17ebook.com udp
US 8.8.8.8:53 17ebook.com udp
US 8.8.8.8:53 152.196.91.208.in-addr.arpa udp
US 208.91.196.152:80 17ebook.com tcp
US 208.91.196.152:80 17ebook.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.213.17:443 csp.withgoogle.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 proxyscrape.com udp
US 104.18.13.254:443 proxyscrape.com tcp
US 8.8.8.8:53 proxyscrape.com udp
US 8.8.8.8:53 proxyscrape.com udp
US 104.18.13.254:443 proxyscrape.com udp
US 8.8.8.8:53 cdn.proxyscrape.com udp
US 104.18.12.233:443 cdn.proxyscrape.com tcp
US 8.8.8.8:53 cdn.proxyscrape.com udp
US 8.8.8.8:53 cdn.proxyscrape.com udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
DE 52.222.191.16:443 widget.trustpilot.com tcp
US 8.8.8.8:53 embed.typeform.com udp
DE 52.222.191.56:443 embed.typeform.com tcp
US 8.8.8.8:53 d3n2zv395ut2nb.cloudfront.net udp
US 8.8.8.8:53 d3n2zv395ut2nb.cloudfront.net udp
US 8.8.8.8:53 233.12.18.104.in-addr.arpa udp
US 8.8.8.8:53 16.191.222.52.in-addr.arpa udp
US 8.8.8.8:53 56.191.222.52.in-addr.arpa udp
DE 52.222.191.56:443 d3n2zv395ut2nb.cloudfront.net udp
US 8.8.8.8:53 api.proxyscrape.com udp
US 104.18.11.5:443 api.proxyscrape.com tcp
US 8.8.8.8:53 api.proxyscrape.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 consent.cookiebot.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 api.proxyscrape.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 script.tapfiliate.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 cdn-4.convertexperiments.com udp
US 8.8.8.8:53 cdn.userway.org udp
US 8.8.8.8:53 js-eu1.hs-scripts.com udp
US 8.8.8.8:53 assets.apollo.io udp
US 8.8.8.8:53 eu-assets.i.posthog.com udp
GB 95.100.104.20:443 consent.cookiebot.com tcp
US 8.8.8.8:53 e110990.dsca.akamaiedge.net udp
DE 54.230.206.122:443 script.tapfiliate.com tcp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 script.tapfiliate.com udp
FR 185.93.2.11:443 cdn.userway.org tcp
GB 104.78.166.172:443 cdn-4.convertexperiments.com tcp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 172.67.2.155:443 assets.apollo.io tcp
US 104.22.59.181:443 eu-assets.i.posthog.com tcp
US 8.8.8.8:53 1667503734.rsc.cdn77.org udp
US 172.65.208.22:443 js-eu1.hs-scripts.com tcp
US 8.8.8.8:53 cdn.livechatinc.com udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 e110990.dsca.akamaiedge.net udp
US 8.8.8.8:53 assets.apollo.io udp
US 8.8.8.8:53 eu-assets.i.posthog.com udp
US 8.8.8.8:53 2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 1667503734.rsc.cdn77.org udp
US 8.8.8.8:53 script.tapfiliate.com udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 eu-assets.i.posthog.com udp
GB 2.16.247.142:443 cdn.livechatinc.com tcp
US 8.8.8.8:53 2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 assets.apollo.io udp
US 8.8.8.8:53 e39296.f.akamaiedge.net udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 e39296.f.akamaiedge.net udp
US 8.8.8.8:53 aplo-evnt.com udp
FR 185.93.2.11:443 cdn.userway.org tcp
US 8.8.8.8:53 js-eu1.hsadspixel.net udp
US 8.8.8.8:53 js-eu1.hscollectedforms.net udp
US 8.8.8.8:53 js-eu1.hs-banner.com udp
US 8.8.8.8:53 js-eu1.hs-analytics.net udp
US 8.8.8.8:53 consentcdn.cookiebot.com udp
US 8.8.8.8:53 api.livechatinc.com udp
US 34.107.133.146:443 aplo-evnt.com tcp
US 8.8.8.8:53 aplo-evnt.com udp
US 172.65.219.229:443 js-eu1.hsadspixel.net tcp
US 8.8.8.8:53 c23f1bb1b6d0420a94d3aeebea36c4c1.pacloudflare.com udp
US 172.65.192.122:443 js-eu1.hscollectedforms.net tcp
US 8.8.8.8:53 7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com udp
US 8.8.8.8:53 15e49451d4884c2582b2c780d1077dd0.pacloudflare.com udp
US 8.8.8.8:53 18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com udp
US 95.100.195.45:443 api.livechatinc.com tcp
US 8.8.8.8:53 e39296.b.akamaiedge.net udp
GB 104.78.173.108:443 consentcdn.cookiebot.com tcp
US 8.8.8.8:53 e3849.dsca.akamaiedge.net udp
US 8.8.8.8:53 aplo-evnt.com udp
US 8.8.8.8:53 18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com udp
US 8.8.8.8:53 c23f1bb1b6d0420a94d3aeebea36c4c1.pacloudflare.com udp
US 8.8.8.8:53 15e49451d4884c2582b2c780d1077dd0.pacloudflare.com udp
US 8.8.8.8:53 7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com udp
US 8.8.8.8:53 e39296.b.akamaiedge.net udp
US 8.8.8.8:53 e3849.dsca.akamaiedge.net udp
US 8.8.8.8:53 5.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 122.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 20.104.100.95.in-addr.arpa udp
US 8.8.8.8:53 155.2.67.172.in-addr.arpa udp
US 8.8.8.8:53 172.166.78.104.in-addr.arpa udp
US 8.8.8.8:53 11.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 181.59.22.104.in-addr.arpa udp
US 8.8.8.8:53 22.208.65.172.in-addr.arpa udp
US 8.8.8.8:53 146.133.107.34.in-addr.arpa udp
US 8.8.8.8:53 142.247.16.2.in-addr.arpa udp
US 8.8.8.8:53 229.219.65.172.in-addr.arpa udp
US 8.8.8.8:53 122.192.65.172.in-addr.arpa udp
US 8.8.8.8:53 45.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 108.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 34.107.133.146:443 aplo-evnt.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 api.userway.org udp
US 8.8.8.8:53 forms-eu1.hscollectedforms.net udp
US 8.8.8.8:53 eu.i.posthog.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 54.185.168.114:443 api.userway.org tcp
US 8.8.8.8:53 api.userway.org udp
US 172.65.192.122:443 forms-eu1.hscollectedforms.net tcp
US 8.8.8.8:53 api.userway.org udp
US 8.8.8.8:53 posthog-ingress-prod-eu-1819302861.eu-central-1.elb.amazonaws.com udp
DE 3.76.21.131:443 posthog-ingress-prod-eu-1819302861.eu-central-1.elb.amazonaws.com tcp
DE 3.76.21.131:443 posthog-ingress-prod-eu-1819302861.eu-central-1.elb.amazonaws.com tcp
US 8.8.8.8:53 posthog-ingress-prod-eu-1819302861.eu-central-1.elb.amazonaws.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp

Files

memory/3600-0-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rufus.ini

MD5 88a819435b44a4dc42894cd776bba8c3
SHA1 c38e313ac66000ceaa1d05d3d88e1daf4466f45d
SHA256 e9e016863c0e046bab878996a1fc7f266b88bc3b3e34c58cb222331ba228e9fa
SHA512 910eb9ec4030fd301f5dc0465cb6a723ab0dfc4e04c89c3111ebeb5d78944d114fd479f033b8c2e8895fbdc70096c2255ca74bc8ebfc685659a4c3e7667283c6

memory/3600-24-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rufus.ini

MD5 0f1a741d51a1606b77649c77eb8fd142
SHA1 6e9bf4bc1b87e781685d4d8070208af11836608a
SHA256 6811c5d78510dcd5bc399f227a9a2ac5d2e50eac03b63842a7e3b38a7dd8678e
SHA512 9a1dc710a58f219ee730d2465654daf98cfc7ed4c82922f71d7c59ebea016d76e692481fcbca5fd7ae9a861e7524dd15430fc260664fb79f6be90e00e5cd60cd

memory/3600-40-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-42-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\30b4ac48-9ba0-4f95-b50b-48e0be021da2

MD5 2e2c58ad85cb2d71a5401dfd04d5a0c0
SHA1 94847d052db3106b9f98afc9da23ed32de204622
SHA256 da81e13da671898b10b99846f45e5bded89bb1f75f5c8b602bb0aeb732e9f2b2
SHA512 328432502d836412a689c8b1554a705d8191acc73136bb7e32b875ea69fb9218c3b2ed14836704b285fcf4b3b1b58352a72b352d2643c26585ff6526a564ad1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\8578bcee-64f7-4dfa-8587-20099c6453af

MD5 0a4bbe2b7fdf231251225b18f303e1cd
SHA1 a24d7705f792064febf6af3b0f95a38668ebecdd
SHA256 00bd72be9d512ddb97a327377fecc570cc576220c2a36a5520ca3229fd7e2d15
SHA512 21e0e7c26241552909239bb06a5137b4e6dceae6c8c1625d5f2628a6ceff7888d493fbe8ac524a87aad99871733a34b01066f354633e1b1c03ef66f42a9037b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\2f43cd35-b40c-4e20-b1fd-8dee90e0212c

MD5 67d8545736bfc2c70167b900784a98c5
SHA1 71985a480598cfd6cb50372ab78a1b790115ec94
SHA256 6b1c17a2dd169ca0d7d466c8c6b6c0531e63ca61de122dc9e290c97597b117d2
SHA512 100905688100a7ff4d06c79d4c2c4ae7675e7251a1fc977f53a239f62290cccabe8b13f376c0cc7ffb20acb98f01324bd5ffdc92a8a3a8c33c28b15459d04db6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 e21e8e7d35477f447fc48bb70ba63ec7
SHA1 03c123f37fcd6958e4caa6acd55d34dc726abcb1
SHA256 09ab2cc8770a6b7789df5b24bf158f1085ac1e3c67541cd6ab37224989598be9
SHA512 cbbf40efab1d8a50533a3bd0f0c88bd819fd57c62d49134e446933ca6f1260e652154ed41e5407314efab6596b948658d34c6f3586428883fd6dde024d848c1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json

MD5 768f3380743b33ed6d2aff6523b478eb
SHA1 f89a5603ae9b0d461a1b2a3379f89474064fed7a
SHA256 2da5685f500fb6619505dba888e2be65fb24db90a3e646251ae35fc055b76c03
SHA512 b4c3a99811f4554d967b4605a0a7efa35969a441ba2a425d74ec150c135a2041fdc4d620ca0573307a1c38d794f53cfb9602f6b6746f22bcebc9449621eafc1d

memory/3600-327-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

MD5 d7e51218e347dabe78dbed94dd4433cd
SHA1 2ff5151a4ccb78c45f832f54ea400f746d905739
SHA256 5326de7c88aa3814a61087cdefd048c84b7b38036d312085ea127db0348db07e
SHA512 b593eac9b01680e9dbf015dfcef15962a48e47e3bb93977ed9c086a65ba8b758b4ad338056c882258a3fcd9c9259479f2e92e20ebf619be527faafdb058fae3e

C:\Users\Admin\AppData\Local\Temp\rufus.ini~

MD5 2b503d9e7de8336de89ffbad494b9bde
SHA1 6cc10416b8691b5b909aaa4c80a52d60cf33ef33
SHA256 893d7588bdcc512582840220aa916d88ff6e22bf58e63b24d622fb52e577f40f
SHA512 c99083aa41aee2a72a76fbf6fd8c0d9b5776dab269e0f3c75b83eeb1ae2d55ab8050dbfcee761c439ca565fa7526a05055d49a8158ecc53e1a86b59d3feea2a9

memory/3600-351-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 4106576aaa4f4a7151f39caac669a274
SHA1 55bcb332925d1dfdf09594795381076c093daa92
SHA256 8a76181f0359c28dad4148e7284bd9c398e76852981411c5161fe18c9095b5a5
SHA512 4970309ded2e5ff0f3dd2516ff9d017aed4806037b3cc00dbf0c273d6fd21c4ce571afefb69c8d522e6c0e9b5c1a2b7cd2ff678e687b6b0b92591c13af7e652e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 123b6be79184db2acec6a770ea2e55d7
SHA1 bdbd4636b550888064534cd22dfe7fab3d5e0657
SHA256 2ce3dd3cd0a654cf259f16d14973352828f1674bf6c32f6e38c0ffa58eb9d0ef
SHA512 913cf7b1a6e251bafdc40da67b366ab3365216467471867c1d053eebd4e4a2a329a7529a689a29cbcadf4da8a03c5aead5355095c80a6cfa0ab1ee539b89e970

memory/3600-421-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fccab8a2a3330ebd702a08d6cc6c1aee
SHA1 2d0ea7fa697cb1723d240ebf3c0781ce56273cf7
SHA256 fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712
SHA512 5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

\??\pipe\LOCAL\crashpad_2936_GLCUKOZVOSMRDTOC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9d533e1f93a61b94eea29bf4313b0a8e
SHA1 96c1f0811d9e2fbf408e1b7186921b855fc891db
SHA256 ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3
SHA512 b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b90247bd2dfb7d69c811140e0812cdd
SHA1 0c83b4063de7bf6b5305aec98dd634dd31d3d084
SHA256 3b0acff2741ba3cb2d1add30261a305811f823280890d05b7dd3b28b371ab766
SHA512 74353c35781100f137214ba7ad786250f4495d4dc6f86d743fb488e05f3326ed7370f8400c1d31b7368105f5435aa64afda97235b2db77eb661fb4321d8c95ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ed659b1d7a51e558246bd24f62fff931
SHA1 84685d6f04379c290e4261ff04e9e1879d54d42c
SHA256 23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690
SHA512 1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 8e6560c6cdaf0a4673697a80311345a9
SHA1 31220ec56a7f879234581db7d7dda788f139b15b
SHA256 38b1ad10ee77896a7dfb9e108b5d4b3321c05173b4953ad08180676523da91b9
SHA512 4b09db24d662eaeecd07ddec8c488d9fc69ae77abf9ebd762f381127d95c406878a901cab29fa10bc3a66d0484cebbecb68115f91dc2ce97734f7d3211568e17

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 2f811d1cc7d6a2f5e6a8610a1b92353a
SHA1 67562fcdabeb3508b13330ad5552fbdaeeb16eed
SHA256 3535bfccad6f2090dd67ddf6914814706e25b54cdf13c0c3ae3a4c6090da0edb
SHA512 775899e29027902f1627b03472d3f502261e2320fae4640520b16200967b3b7c6c903c127c0732d2d52c70a8840781199fa81a015b9cdbf20806be364710c7da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 1d5ed019e1ae0905bed43470266998e6
SHA1 c7a44c88c282799a4d36910369747f10213d1877
SHA256 9cc4778e7f6d4a915e80804114904dd63cc206bc313ae18929ee101515e4e1eb
SHA512 5bfb960764a1ecce914c736c62dd35d54759f39846591fd3133622c94fa0162782ae2186be4f2b261b8c736c0cbda7171429efae3a817b841d8a649412de8116

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9f6b09611131133869c6670bf6a64a16
SHA1 c3d5b7c71afc764b7f616dba70c0f9edda552304
SHA256 b67770fea2c0d9a292696255a099313a832f035c77f77de0658745f161f1c108
SHA512 3d3723ef84b89360503c2f013d7507b07d5d97a117afc10fbdb21136cce22a709802e439d0adf87e15bc955e4a59647d92e9a6451eace333693ec6dd05d9f27a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 fba3a2cc4c9be82b1c8e06b788b615db
SHA1 1861ad6bc076d545dc77a098c8fee2c17abcbc01
SHA256 81e826acd0cf0ac7be9299c656f87ca0159d6f3f8c37d2876d554a922c91abbf
SHA512 a17b1e0a3db114f866d3c337fea708ddd0e058aa1c72483f8fca853cb77e4cce21dc66ada0d64657582f4f9856e80efa00eafcc81d8967d275fb2364a81d6f25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87b0a2a2815e3ed7251af6094f2193ad
SHA1 d4f768c3437a8298633bca4b72a5a995ce16559e
SHA256 516db0ca5ae06e1940e97ac073d71caeb3e6b992d9fddc0d80d747e092aa6eb1
SHA512 e3dd1ddbabb34a6f4797ddec8818ed6736f8fc2777d8fa27f3b3b54e2b9bde56a070156082018cb94949e0994b5d0a766a772b3cf9841cac339a710ce087abad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ebcfdbb58cd56524129466f3f441fb7
SHA1 602ebe6080e336ca16ec52d04ee8b414b177e4bd
SHA256 7edeb779516fc268337c891f03752ed6c30f1e2e2a0fb341d5f32cad289f15a5
SHA512 df7211263da4f93b630add6ac4c25fb2331a5f0ed4f750e9a021db79ef2a134667f1b904a7fbadb3b86476f52c8611325e89f7636a3cf4235dae6a4c63cfe5c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 7ec09c7cbd7cb0b8a777b3a9e2a1892e
SHA1 3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd
SHA256 a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e
SHA512 5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 09918e65c9c19c10042d6034a13088f8
SHA1 61829cc8c97a2ac74352d0694109aca4693e9cc4
SHA256 bb2d93c1069643070e8256ecbd491613c43f5622c812b36bd61983e0da727fa1
SHA512 484dbc287caf00cb4d2feae5b2a0177a259e67386ae296134947e3e923beb56b75ed2ab7db62f5ba98a9eb38b5476485d7470cd81eca5063ffc728346710010b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b5f1b038693d0730b7847ff6f88bc10
SHA1 423027bdca1ea1a9dff89d41e5a43e55b23de38f
SHA256 db65ea9bb7c31ab96e6d97d507115dfdd2750dd98ad4208616455d1e43df80e6
SHA512 0042b1d0c8b219f483a67a269b7e0b3ef776f5c47881012fa31364c7d5b706645b7424aeb5d165c8cdf5e1582912c306cc0bba4a1be01a62018ffb6bc2b04de9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c2b46ee2a8db2cf79770e9830e1d7167
SHA1 d8cc46a7667a558889abae6a936763ec0d57b81f
SHA256 53a77444df9db1c8630eec924eed92831cf84235e10c506d260e20188c967791
SHA512 40c42dd39e0adb554aed0ca7f945ad3de9137ab6b9b06135d18ffe63c73b0018362dde7afc6bb6f4e72fde389c862829eb986fa7d2c8ae77a5d641db6a908f4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe594dd8.TMP

MD5 c44bdf1f2f6da3067c288861f1abf602
SHA1 de0395439875b5962cc115a6b83ed9d092a07710
SHA256 dec0564dbccc387dff25ea7a13c3463c51d200bf1a52d4ea8772e30d9e970144
SHA512 e96ff9d0ec801a807a88f8e792e5343d442930fcf016ef2de260d3cd5f6135f6a66e423c127ed87d9d38a6ad8f3da9c79fa3239bf34941b9762dd6e686ca112a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70dbf0358c2218d5cb05449722ac33c6
SHA1 2c21f188552a5361685679c71fc92803dbebe578
SHA256 2f00118f6ab3938f3f59f95d246f67a885cc14662a6271204088e26db61894fe
SHA512 e2c896fa8bea0eba28da8e6a21ea2ecd0b84099739f3832b6ca7ca6c5fe62933381b61cd587d77154bd3b42fab14d448a9b23a5e8b5692955cca76e60f85bd43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0a0b698b5d40051e6db6555b1ea3007c
SHA1 9225c480183051eec61b6981d863a500bebdbd77
SHA256 693594a3b94c7b9db2835b51439cfe1bc3a1ce6605f573ddef0f838cdf87ed87
SHA512 68705deb8905a0f439d6a8c4d310e3dec36da71b7553876417aef6f6038c930b030873cf20091bc9edec611fe09eec826593edec7ac3be9051c0250e81276db6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c839823b72a61e4ce3d78f3c9206937d
SHA1 cfc103a858782ce7ed7be53aae2c93a82d8e6ba9
SHA256 bac0bd3500f938c04726d6e33c44c528ad07ca4af433d4a4817a8681db540146
SHA512 03d06531f746f5dad2d15c5672ecf95c7144cf9f871dc8440741f328d4e2f142316f6a293663513165f704023b1f3c98331a920878266968555dda0d08175011

memory/3600-976-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rufus.ini

MD5 833f6829ad0d9bf765f10bd13561c41b
SHA1 cc48aed28fccb8b16403f27e5b581f9d6e78a42d
SHA256 73c47883c4db417022c5c931fe7c64992eea051e4037844ae9eeb77af3cdf316
SHA512 b2f2cab2900a99ebeb043b0c3364cac24ce1dac1d7d783250432f19349d39b66bf2b7feb419c9691cebd1e5fb3c3d39ff33c91a46f19e3a24a072a375a5c3e68

memory/3600-990-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-999-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0991bee524c58f363454362999d9b09a
SHA1 05470181c5eca610057dfdff6691eacb94f2d28f
SHA256 887806a81e27aaf1d6a5bd6a22ecf7f897767ba464761924a23375a2c7c1c649
SHA512 6b0fa0610607a11d7844735c9153a8e1338c9cc5cbf090b3687d23e4e726ad5aa6b24d7dfbd9362544a9b06db7e0e248ee9c2b463d62eba4a9c07ce123baa44a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1WS8MUAXXBD42NMQ5PPG.temp

MD5 08d6de3d63e22a88abe6537f55ac7a87
SHA1 9e800bc5e40eba4c017b6622bac80d6dbf7b0bd3
SHA256 2cf67667ca7cc446b07c145c77a6ab46e8a17b14645ae843da6b29905cba6416
SHA512 9891b5fbc7cd1ec62ea38984c680cba1ddb02aaf47d5b11e81017bcfeb9daefc7b7c7dd96d599afad9a0bddeb52c76826d589518b4f3263e53e8c59b4357d0e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8baeca73e9892ecfa7a45e55a6a83ae
SHA1 2839353449a2cbf8641647d06dcb27aefd717847
SHA256 526991e0870c7d0f8498bc16282e39e4adb3141a06f9334f95d83a2c0a6b8dc5
SHA512 78b5a4a86804df05467c5cecd58b99cd5ba606a95686e33d5a93090d126b733c0cd6c56847f1a470fad5263fee299c3fee104ea7a5be0915d3fb0dfa38694c90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 b48265096e7a333f5034f4dea977b1e2
SHA1 6326c70edf1379edba844a576d80094cf48f1edd
SHA256 2001892b5eb360ea9db033e1c3a78065f86fa338ee89451edcc09397f3455987
SHA512 ded11d233b290fd6c3228973ad319b09a86654998816b6220bc4478d0517c585486c02801ae8bdd8d64a75397313a9434fa6235a7ca361beb272992256468b43

memory/3600-1110-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 a1d1ca303d1522f0d076e20bec1aaed4
SHA1 531d98c9219be90b7f873f913e75c5a2a5821542
SHA256 fea2b17323cd09fe6235eab05f60fddddd27237c063367ad79251a1b4f211f6b
SHA512 5bcd13ea6c1a94a674f4adff7045ffaa61da2f0089e7e032bde3b9edde7ff89849d15679fc5c119107926f6425ea72ccbdbd28a6e4b632d0fa0951ad1b011a34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5870b3e051db0ee170e46f6e2583558c
SHA1 5b9824d80252fe444b9f9c62419613a2aa13e1dc
SHA256 e77154e9e5e7a25d16b6ccad59bf241d44b9e73eedd4d4260212fa5a85cd4226
SHA512 357ed34393c365e173a1133d7566b9394641aacd577d2dc9fa9ac3849c43099a0ad97c16a136976b7f782b2976eb622236baf28f60576f4d9097e1a914bacc34

memory/3600-1157-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1160-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1161-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1170-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea5200ddf38d8cadc5038ca9358e9a86
SHA1 3df6e37bdca2262bdc381c259fb489df0d18b747
SHA256 4220ec04bb728a937faf06a8613e64f987fc0178bee46fe301afa6a761840008
SHA512 5342c3fbe121ab77698b3d2c66c2ec27f8cb89cfc64009dbb8702105d98f9e495837fc6c0814d89e39efe3391d9705c885b59cf216e30d081da86e52202a7c18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05b268a2bda485a9b36266e9d6fac107
SHA1 1e829d90647db7e266fd6e265428045d6241ee0e
SHA256 d978472ea86167072e5164d2f99752cc16f1049d1626945ae629f4460615b48a
SHA512 7db3f821b7e47597fbd83beac893c2f19431fd2140dfd2cb9c112256811f9da24fb5962abb3c2edf22f830cda41ae895d572bdb134057f1e31b2b840f23f146f

memory/3600-1210-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1211-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1236-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

memory/3600-1256-0x00007FF6A3EA0000-0x00007FF6A430E000-memory.dmp

C:\Windows\logs\StorGroupPolicy.log

MD5 fee6896d0e895e2fe5ef1e23bed60be4
SHA1 dce921d5c4f74de968b4a19c41d8cba84599c6ed
SHA256 b04be1b0949e870c70d1f4b3cc42037a5ef700d68f7eda22bc8301a8ac33e118
SHA512 cdc336bbb3df7649e7b6ec60bc3a779828a90090d62d7e6a7331797ccab4a9b23da7cdc41ff8d55bbeaa9295c19ec8d8b0a3a89bc181b3308efa6b44316fbcc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab37782130b1fa4e8fea0633c90b804e
SHA1 f16b7c24b053a1b04a0defc2839d808e0c5be73f
SHA256 474a0ea035e1e15a17e21bc74dd680fb307fedac7ceb118979a4d38ea5258ec6
SHA512 79ad3681ea073b1a34b6410045c4340aa125918c173f47d8cdd40ce513faf9634fc444d17ff285474583dfb8d475232590e36210dc9312ea8650af11561b3063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0408dbf9730f020bc9852c3a79212ea5
SHA1 adeaf933bb7d0bc15807c19227e8cee89b136b3b
SHA256 c61733b9f96bd253b45f1104aeaeb4bc5941397e25040cc44877931129f26c21
SHA512 570597250cb70c580363a6d05521721f5b7564fe8c53aa727fc7444fc4c2b13ec2621352fce9d9332c02a5812ef2d66270d11840623d5b464f41a9155088dc8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5f654b.TMP

MD5 c1acaae4cd6be8ed92bdd24872448eed
SHA1 384c10948f7aef36a63054fd4ab925df288ef058
SHA256 4271673942b57c30650838987c18be16d0d8cc7610901c7778e88444d7749237
SHA512 6eb2e7e9d51cda427439e1ca48096f5aa9b979d0363c6ef362b3377342f52a4ffbaddc83572811ccecd2770b22b3fd4fbfbcc8ddbd1c1d7e2223de23636ba32b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 06ddbc0d8093f85d9f212ecf1bc1feac
SHA1 1ed81dae2aeb329e151b638810973a84d19da9c8
SHA256 b03ef831ac9287b2d92a2dc84039a21c65169adb4091b8906313a71658639e4b
SHA512 fc476101dbcfd634fcf48d51a421138fa59379acb4981f03e35fd2aaff846bcea9ae79b02dbe8d719fb3edcdb3f4ffbcb0efc634e19d044f0da19091c8b0e515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c9db36ab278b3c9deb78d57e14ea0ed
SHA1 5b3a22201283552c88f5e2ed1cdf7fbfa4afd387
SHA256 444768f64a49839ccffcd2a054c25ca2f1ba999421678ac3ebd5bed21a73964f
SHA512 bfb3b8f3c2864fd9a46d9986936b4ff4b2c30f5338510d39dab69b722f7859e7ecc9d9d1555b33826fb7d45218c250a86896867567498617b1559035b9feb3e0

C:\Users\Admin\Downloads\Unconfirmed 642009.crdownload

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 517db4157c8922b9650ebbbc5ab20309
SHA1 731e91ae82f4110b0aa33180508553937b03177c
SHA256 4a48581f76094a99c9b716f5d2834f88165bc56d4a73a080089162d4538b225c
SHA512 5e944059174108dc6f687b3c8fdc5b531fe4487d1d615b76823179cabd953e5d6f9ba94ab4981a917776f1ca8f60694e77586d32f1844aff8f7af6d5a7eefccc

C:\Users\Admin\Downloads\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\Downloads\msg\m_swedish.wnry

MD5 c7a19984eb9f37198652eaf2fd1ee25c
SHA1 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA512 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

memory/5972-1781-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\msg\m_spanish.wnry

MD5 8d61648d34cba8ae9d1e2a219019add1
SHA1 2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA512 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

C:\Users\Admin\Downloads\msg\m_slovak.wnry

MD5 c911aba4ab1da6c28cf86338ab2ab6cc
SHA1 fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256 e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA512 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

C:\Users\Admin\Downloads\msg\m_russian.wnry

MD5 452615db2336d60af7e2057481e4cab5
SHA1 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA512 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

C:\Users\Admin\Downloads\msg\m_romanian.wnry

MD5 313e0ececd24f4fa1504118a11bc7986
SHA1 e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512 c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

C:\Users\Admin\Downloads\msg\m_portuguese.wnry

MD5 fa948f7d8dfb21ceddd6794f2d56b44f
SHA1 ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256 bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA512 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

C:\Users\Admin\Downloads\msg\m_polish.wnry

MD5 e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512 e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

C:\Users\Admin\Downloads\msg\m_norwegian.wnry

MD5 ff70cc7c00951084175d12128ce02399
SHA1 75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256 cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512 f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

C:\Users\Admin\Downloads\msg\m_latvian.wnry

MD5 c33afb4ecc04ee1bcc6975bea49abe40
SHA1 fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256 a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA512 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

C:\Users\Admin\Downloads\msg\m_korean.wnry

MD5 6735cb43fe44832b061eeb3f5956b099
SHA1 d636daf64d524f81367ea92fdafa3726c909bee1
SHA256 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

C:\Users\Admin\Downloads\msg\m_japanese.wnry

MD5 b77e1221f7ecd0b5d696cb66cda1609e
SHA1 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512 f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

C:\Users\Admin\Downloads\msg\m_italian.wnry

MD5 30a200f78498990095b36f574b6e8690
SHA1 c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512 c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

C:\Users\Admin\Downloads\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\Downloads\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\Downloads\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\Downloads\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\Downloads\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

C:\Users\Admin\Downloads\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

C:\Users\Admin\Downloads\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\Downloads\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\Downloads\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\Downloads\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\Downloads\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\Downloads\t.wnry

MD5 5dcaac857e695a65f5c3ef1441a73a8f
SHA1 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
SHA512 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da6644707bbe86032880b0d377f98678
SHA1 f3989094994513a27cf879305fb89ac00036c081
SHA256 65796aa4e331d437c30cad469fabe291a6a5b2fb20de37238016d3b00678c70a
SHA512 f4d52b4cd2992fa715765ddd25460d2b8134a770d5502b0a1719c6ef08c2a0ca98616e335568360513e0055e15242cd99031e914a827007836cf0d208381f619

C:\Users\Admin\Downloads\r.wnry

MD5 3e0020fc529b1c2a061016dd2469ba96
SHA1 c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA512 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

C:\Users\Admin\Downloads\c.wnry

MD5 93f33b83f1f263e2419006d6026e7bc1
SHA1 1a4b36c56430a56af2e0ecabd754bf00067ce488
SHA256 ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4
SHA512 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

C:\Users\Admin\Downloads\u.wnry

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\taskse.exe

MD5 8495400f199ac77853c53b5a3f278f3e
SHA1 be5d6279874da315e3080b06083757aad9b32c23
SHA256 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

C:\Users\Admin\Downloads\taskdl.exe

MD5 4fef5e34143e646dbf9907c4374276f5
SHA1 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

C:\Users\Admin\Downloads\s.wnry

MD5 ad4c9de7c8c40813f200ba1c2fa33083
SHA1 d1af27518d455d432b62d73c6a1497d032f6120e
SHA256 e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b
SHA512 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 17a3b62be9665b1d0e411a8d87565ecc
SHA1 be09b90a1a121126dab9689f156c51f77bee1ac9
SHA256 038deabc8e304a2d574cfd4ed4aa515f8f174f7b3f8b80b416a4354d60b4f311
SHA512 6de650c1d46b2d19c14f1b8d21c8589ee276caa2a30654436176295dccea7f619c450ff1cbd01fe94d174cb032eebffed18036fbae4e10dcb17fa228d23850fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 642c3a322ad9c28a980cc12f300fb15e
SHA1 57f6ee767bdf621978b320835cd103762acd256e
SHA256 ba951d966db3041065a6abb149b9f7737fe0fe5c7a67349df4ee0fe8b336a92d
SHA512 9187e5b7ae838f626d95b2b144ebc88072fc34801dd207ad277f1cc4fafd105eee15f93d15c493d6ed3868cf98150823e28ba07d1f46c84cc11f7bc49cee2c79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e0762e602d83cef492a24efc512d285d
SHA1 e0ac3afb54368bf475c50ae0d85b4b9a2d757688
SHA256 075cd33952600532857c0c91b2db28c40c37535bd5fc38340854b3c864c70efb
SHA512 9936b5c85e7cb40fad30a462304e27bd8607492016c8f2a71be13b3ce14e6bc62f87528705cca975bf776746b781074ed933623245e662c552f8008a6179bcbf

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 310f4632ecc5c0eecb4de9f173b5340c
SHA1 31d4098e21cacef9e1da315c0ebdcfc6a37a20ee
SHA256 ed2f9f226f6c2a0768bb7ee03c204f73b804d359a0bc0cad6383b20f67236414
SHA512 9a3d2cff7a3e97a5aa1a29fc103dbc4ac659f186a870a284cbad4d0b00512c8f26150c8d95eb92d178c7ad383899aacc795c46eb57eebc565df1797f96f8f4c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cf50944d36798f8dd46b999c9e1257ba
SHA1 37ce7e5484583dfa6ddabd61b07d75fc7bacec7d
SHA256 4b1c904c40cc014b25874a6c8515718139caf205933bf5cd60aed803f1f5d2ea
SHA512 2b581cff4a3f38be6ca343d03687d00c006fd0fbf4ba03c6491f45ff825dc964eff9b0739b7a796779c5d9cc1d5f083206c5f067ccb40640b1866798d3bf7e4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 55a93dd8c17e1019c87980a74c65cb1b
SHA1 4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d
SHA256 4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009
SHA512 f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 cd74fa4f0944963c0908611fed565d9b
SHA1 c18033d8679d742e2aab1d6c88c28bd8f8a9e10d
SHA256 e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804
SHA512 b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f4d446e2a9c4f30ab4d0558fb3a29981
SHA1 fd92b8020836508074cd35577476ad00b0ae7ae1
SHA256 c53fcd8ad13d4fe614a81ff3066f2249417fd7cd17d2e772b9a86dc2116c8258
SHA512 50414cb9aca77adcdc6beb3cc44ffb98ef006bd82447a99993b02577b92624e3b766b7dfd832d06c21c45ac8579c93e087c3b753d3964c6c98891c2b56ed8942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c853d3f7e53586648995c52afa016ed
SHA1 28421cd37620514ededb7d307794509ec11f1dd9
SHA256 f11dc0b35b17dc1d1fc74dffeb9ce92ecb10c0e87ea969c8d4638b5c2e2160dc
SHA512 f5b87d643209bebf9bb980567ddfb092633d0e6594611fd4c5a42db2323c56bad85917fb7aac292d94d3733be9938eb5d7d4e4b9566f0e60f72aac3f71415226

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e376bb6c1ea1ba75dda2bced8ea97ee7
SHA1 d23094e4c3cb06762bb91352a90397cae33f4774
SHA256 c1871515e18b10c49630ff5c1f501207e5902a211892adb456b51842e4505c92
SHA512 43c927461cf49baa5a71915db15a4ec243b2c1eb16e249553c072d2a9adc152dfafc221113eb2aaefc2e7f1dd4c7a7b3d4ed08ff2de06433c402ad9874e82dc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42f943e3c678f4da49289fa5a1fbb1f1
SHA1 8bda65322b014f26209211b7f5c42471fffa05ee
SHA256 7ad0f294c1fc251b6c78361882644d3ead5f8afcb33161fe6c7e9e9c17f7ed7a
SHA512 44c12435f4d36b17087f90b9a4c452c8646fd021b439324e9736dba0d20c32ed207ff99b4a8a7d5ba595d2655df6918d38d958868776f0b66b294470af4becb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d7d602fc50eb62429ca0e53ba97d05b
SHA1 7987befb2c4a4d5603a1b3ba5257ea3ca7512c61
SHA256 edbda8e2c31a002c53098c27f563abee0d0079a7eddb6316ab85ceecb1098c6a
SHA512 d395485c38f2cc2920ea5cb534b11c284bd2f54c4c6c95c73bbf9324581672252b030b143cfff89f3f99a89b661ed0478c9132dafca3e9b79ac8275c8c0c3247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79908dfd-631a-4ec6-9c3b-ecdbe60c91e9.tmp

MD5 9a86aca4787c73d3a2efa45e17fd0683
SHA1 0b6064aa259218ce147d005385048ed2cd593a60
SHA256 1077ec407dc0e35b389a52f9ce2c786177c75d5f54fc451647cf334dcb044016
SHA512 657771bf8b41be4c45c13ff53c0fda49ffd8c33fb657039ca590119e47e9318ac688cd3b80baa70411148b8110012961b007cf7457746df23888919549dc0cdc

C:\Users\Admin\Downloads\Setup.exe

MD5 180563d014f6f8ffe0ebba87201367bd
SHA1 190adf8e6885bea8722d36c2907d0dee91cbcea7
SHA256 5e6f72b4573fcb0ff01a12878201a7625bd6e19b58fad49756cff15109101f94
SHA512 6873430188ea187a168c07e498c3e0e73510e6f0166d15bb2611d150dac7d7173e8a9ab727fcc99dbde128b20fd444b5c70faa54100bd7b3ca18dea3c6295993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 61d80cd26fd173f7cec4fa290da0f221
SHA1 bfa0fbfb2d7bf459ea6aead77ea4de1ab79adbdf
SHA256 be96f7fba1e943214576bebd39f8d2ba1297949473ce80cd5c9400b85f3779e5
SHA512 b9e0e20ef725bd19bdbcc033a140664558481d8b076fdd422356931e941efbf09a0c6b70031b557d7a43582f41c77e075e9f393467817bfefb5746cd7c67b43b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7a7832ab90a3877281812452f9c8dc0
SHA1 91e9a463048724a7e9d65909e122f094dafe4cfd
SHA256 bf7d61f875e50870e4df15de5e07b65578133070310c00c4954ed76444a6c3bf
SHA512 858ac6e30dc3010c2d8bc5b8dad8cb3e0182f310d95a77fef6847c5c7e5097a6b4236dd5b2465d2b07348f3d7dcbd22c71935d16309f2a85d8ba7497634edf63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 dee46781c0389eada0ac9faa177539b6
SHA1 d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA256 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

MD5 54460939adee2ae735d8ac184402558d
SHA1 e9b88020fc803bc449f95cb1221294ce00590367
SHA256 23b04b0b2a9bf4c2146efe04f0614aeb76fc0d62fa72adc436baed7a37cc0312
SHA512 0a994da0fcb85a1b519ce3c783dc3f7da047a7d66f00b377c3a87cc1e5948f6bf2000349b9cb43214363fe3072e78c9e778075db183dc8a1eff829b4cf4bf685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 7820868733f40be1532c203ddef29dac
SHA1 b05284788e05da2048eafe2d32ae82d72cc7bf20
SHA256 697fe36c8e350ba203e98a5b319be12ac8c3c4b1b0c7b0659d32b0d8210f5c12
SHA512 34ea94632c42798d74da4bae84839889bb071a6545e20e6732523f1b1f8357a9db9b5002c897307bcbcfcdacaab3a7939f069d8b8c8ab2d04c5bc39ffdcb795c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1094c25ec107f3d_0

MD5 dcf07c6cd62eadae23690caee6ed0bf7
SHA1 a302f44aa0ee10d8efd76a6353fd5c4e855cd632
SHA256 a9d4434893f354bed8361d5c1456f3c21c77495520cc33a4b7d3aadc0ce2984b
SHA512 e70edba53e5d0ccb0096de398be6d0c5dc841b532f0b753df4394445b0f6e40cc343950aa849abf4c833468611e9d155098c3d3f4c1d3e3d5a5526f89be12330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 4d8b471a2271ac4e3b5d25b5683964d0
SHA1 67b52c3bfabc09bc4f99d259de43213dfebbb5c8
SHA256 d0947470db9c332a7e6abf959a45cbdaa82e6e032e325c512cc9a3cd32dbae65
SHA512 d734faac61756e2fc07821704a9ebc5c5a0e7a7dec601b3c8ac4ad6b1cec59cd6446f38e4df41f9c51cf5a45bc7c6241801fa945023bec1a735c0bf450a0c0f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ccec4d8b60cbd1d032d829b095f8b21
SHA1 ff07600eb6d40bb224df890e5e748d00dcf9a80a
SHA256 8ae48497542ca33835125c61e74a81dd6d77e7b44cbb9d2a8afffc9ed15090bd
SHA512 2b868a63f2f00b82df3943113e5828ef18fa6116661764d6d72301b1a65d09ad9ce77690fd4737d959e118c21776a8379f77db2e124d73e3709d7af82122e663

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 306ca0454c9f2feff490c35633a35178
SHA1 12ea375354d9a389c255302f8795525dad49c76c
SHA256 5e7b46650368b4e36d9c0a5e3ed8dbcb6bb7d4bda3a38a42fb9b179f588a2fa8
SHA512 60fc2e5e5eef75a39937b6b2b769e4f890049cea8ac863f334bcfcf2167cc3b13da6be9b79bb08f4a365d9f738d581f683a2ad72769a995f72f27e201a7ba5f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 477ef3de7cb1f77cd37ede06bbb310b9
SHA1 cc5cd18d3e09800c218edff241a66883a07df292
SHA256 9bea4fdd24a80e7e7ac9d95676943481f68ff33284bb4638c6528d68ca7c5c2d
SHA512 cdd035a779d413b12e954ebc6739598429005ed1db31dc871707195d1e7126ad16cc7d65eb263f6909014c99407e3eb5ac34c62c8100db8287eae0b8944b1ebb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0

MD5 1e0f08f2946d5f39e71661777781f8c2
SHA1 1abab23d9d086803f51084f321cdff6e795c6f08
SHA256 2f6ed7b69d9bdaf119e67f8e8d5acf25618982e71e6fa03bed56005a1d18811e
SHA512 fa4f59d7610a6fdf033b2a69e2a1488f91237dcced955d20c599e8e09f061f152465fa4da3c6b676dd4d314db9dd9f5cb2848d9b7070246e340b502cbe7d276d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b7644cb858ee390_0

MD5 aef2b19de2e032824edd20d1e41ce219
SHA1 623f6f749d8f8ce02b29e1d17fc3f77b8239dbcb
SHA256 bd3314da51f956d8bd66491154e2375dd33b44204b38ae7b3d6eff9b71c6503b
SHA512 5b0d3557ca74ed315d047cd68ff05e3f2c944963f6ec0d14292d335979ae0f0e6ccd1abd59f6ad558ccfbba000825a89cdc396870c501ed82b814381123475e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 7caf99c2c8533494b3f6e8c9929dc68d
SHA1 214b9e025ad1a4b279f4b5fc821cb3a2534d5be7
SHA256 38357c3063dfc7c88477fcdbfc780252329cb59ecbf07ef7bca96da01f045424
SHA512 207dedf7126757b959e7baffa5a19de2cc49dd12ae54a0f7ceabb41d7a16d418e33d0ae895ffeb02488c597cd61be2c3634b9c6f41a79afb1f562aa2a4744d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

MD5 4672f927758bf41a2103e0fe3caba720
SHA1 25dae916fdc4ec9aad9720e8e7c171f2bf0e8622
SHA256 ec0ca5f54ea34eed675f2e06a569958fa05f87e92a642831c53425eb93fd2927
SHA512 54fc1f390fbdc0c58f2fc95e3f3351cbcc5720b4bfed4197a2f5dddf83dada62d56213be0fd508458fb9a3c46380fa5cc373b4e656f74946acca5424713a8e21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

MD5 043103a2414c22d90948a2bbf19cbfcb
SHA1 e546af32860acb500ac66e8e606a359678091546
SHA256 26455f32f4613d364d0c43e3bf2c6656c632f1ff479a98d1a981078d6d4ca603
SHA512 eccab173ce570a26f3dfc1933f51cf674c74957150dd0a9ff9f985eee343f9e329f6ef954f6498d76a922a43f53558f52e3be9c2831d4fb1161121c1c315afc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

MD5 b7d691972cd11264e73623d0b03ddb8f
SHA1 54357e3ab496383885716c62fe8d19c0275a5074
SHA256 f68fad20a02dab50b2c37fc759b0b5ac0adbc3ab316c8dfede32dae64b2e8c1f
SHA512 4ff9b5f47fc4c081e45918792103f0aa0202372862fc5d7fe19e6c74ab776fb8a3a36ca0023b02ab7c9b91d3585aee85a0f9c1c204951854d28637c403bbcebe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0

MD5 df7614093c7465632bc382f53c6421ac
SHA1 62b0bc4bf5cb97c46b11b87091534ebdede563b7
SHA256 cf007a9533591c1aaeb00f1efc5d7305ba45e4723a82862824ebcbad1a613b6a
SHA512 7592be2fa6ce6b468d9d5fd5d4c8bdf552c268d9ef8b515d2dcde5b382fbc152643a4a3c13ab80818b69a2010ecbc23fd5ac9bde9c07039798a666b70a36b8e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

MD5 ac14a358b3ed79102e7d1f32d5aee0a6
SHA1 95be9822fc3969bb4c4523420613807183c71402
SHA256 89fc8dec6eeedc96db0d73b17c3ff787dba700774bb0f4f89622f07501f19a94
SHA512 34eed78e47332e3b3438f641ac28dce6caf6c543013ef09fd2ae90b014720841ef196c25132ac01d1ba6d19ebc21a4a405fab40ee777bd53b2a294de7260d285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0

MD5 ba9ad98d079aa6e835b49a11ad4c66b3
SHA1 7a1ff069067049c99c3e33b7de817c33a2faf4e0
SHA256 aec82085321cbfac17668866eb805f048f80859c786dca20e4d8b755c1e6f20b
SHA512 81b108c17bf005f90ac8a03efccd573e6a0381b7c19c8071ca1167cd996bdea5f605f8a7433a88006361cd5e273ea42952b746b3c05bcf3f9bc01bd423a974d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c63983b10e3c69f_0

MD5 d3d57f01b82851c4924d0922ead72568
SHA1 a17caf9590eaac46536157625cf337dd61ab487a
SHA256 4ddf8cf54f60117cb1b1d8ed9b604480526cb31491ab9f2e26feb2837fb694d7
SHA512 62996825bd410a16726710c8fa95702f3893688d75f00dde307d3994c1c007009f0bd0eb4334da996c90b25a4b3b3f286cd5eca683caed51e4c178f8fb0beb61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 f5e08824ec0a9d824d7fe1d3644e22db
SHA1 c2c60e4e8c7866906013ed0ccea122bf40fadc5b
SHA256 7a225b749a3f74b94bfb871c2e68bbebc6807af4f4e87949ad17a0db666e4075
SHA512 73a43660e83e5b7ce30ae76609031376a4baa93317cb1da6d0e84b59c73be8f833761f8741591b3a6da0eec27f5a212266183a534d4ede79ba840a68f2c76d8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 889507f3166d003de1a8259c81b78dc9
SHA1 8bfe63adf4ffb4c0007c3a358c2b11f3514bbd1a
SHA256 af622d4827079b081846b3b5a5d48a6a80fe0edb95c8a21d480a078f25893d73
SHA512 db78a257df43488ac008db8532e68fc0d59c0d06bc36ea2ecb7d5b73c330f81cbdd1032740bbd6f2fb1e0ed0d6e62cbf6fe16fa7bd6529d40cfb3a3502555880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 26c395e56d7ec74b11b01449b0244144
SHA1 c693497b653999b381bca2dca796e4ce1952b7ad
SHA256 3a6ceb725b94120deb57a0e05eabb3ff146c14f217170d3ed8eca7bf1c6a5808
SHA512 dd957d6962751a2ca76b1ff041edc17eefc9579c73844c62e761c06ee1a031a9a89540dc803b54a0b46106a07dfc318944cae23af1478e4ca64f9e0272a24e66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

MD5 65ae44a0f9ab4e366c3be773dedfdfe3
SHA1 65589fe149891f05936d89d8117bd9718d6b11d1
SHA256 af92fe6a630c093fe508a22d80ec136b36f884ae3b4a2f262df89bb036d60cff
SHA512 93a276e4a72d4c0a0bf4c399435a175312b46f85ce209e172d7925c52f90edd302d1b1376e04d817c3729103ff989dc100ae3a1e07ab8ff9633550db9d513211

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 bbc2dcb10678c5fd0382b03614b27190
SHA1 db7f23c1a9146efac6f73306ec4866408b5a54b7
SHA256 fe6b3457b55da863c9793e162e551cf8f49f231c349aaffb8551a53e32841143
SHA512 e0985ba80d43906b50f201f0fe639c04fb7d8b1c9eb98a5c0f2fc98a11facbd8eeec1421b43050cf5e4c064c270b9da1c7ea979797430f09a5865c4f068f7994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 1fd375fe26367289bef6d14885ff7f9e
SHA1 3146e8152e9f430e99909dea8d7099a75f974fcb
SHA256 5297bd62948ed036fa498f7dd6e5c190d78223769f9048eeff751b5df739189f
SHA512 44a132f0b160a928f4ed3a2f152497de66090755714628f33aacf8696d7513839ec134d9c5d479b74f47e2abf222dde6c6c2c7f3047265112b3db5eba6dba2f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 c5f001bab7ffaa69e6d49d99fe5bd80d
SHA1 249556b22af4aae05f86a76aa73679130cd8f27b
SHA256 e7c1b4f9e7193fb77760dc932a1848f7260f39f4ca5c7ac97434cb6986914e8c
SHA512 e3dc1da22400c6786a40ebadd6dcb17b8dec6898f715deeb8a153fb34904afd6bfe93888fb32c664dac910165b9c9f31bf5095959309fae8e1dcec16ed793d75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

MD5 2a0ff41b17b6c299cd158b872c8159ee
SHA1 fc1d1e3a196b97ef314d47818cce410ef924cd2a
SHA256 263ab80b8d8dde3c719275d41f7d4425295f78b5b60305acfdd8f63b28c3db4f
SHA512 7245d9c09053721bb45df5f9a6287c850779ec19d1ef3fc26f2e711f5860a7a1aae5ba7c74595d4176ce09457d806fb9e7cd2d97082a2cd732add2ba9135bd37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

MD5 5bb8c9d7415cdf69058dbb488b8008eb
SHA1 1a6f7586449453dad9dba6bfd3fd444288cb8b34
SHA256 0de12e8061753fe21363f733f1d2c3c120ed19b8cb671a377b2f5f683173891b
SHA512 500061dd41cde707affa7404a925237853f68039755910825b75864e561af2343ddfa529c2f06cc92a1fd97b24ddc40dd4acec60dccfa8649e7c6d32f68e8a85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

MD5 cf73d4999a1f883cbe9d75e35b747cc4
SHA1 ea1e05602973a6a77ea1d0d7dd72ea7d4563717a
SHA256 525f6a6fb093319b1f42f626e0482d228780c1ffe207945a51d9fad4e0f27a30
SHA512 e8cdd140a6867d0d25334644d2a6f87b34f5e2815ecf86df20d3d77e828652156c04f7becd5aae0693affe54dea9cb1cbfb5e46d212dc432ffed18803aaf119b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 2d4a6ed777a1aba5247a290ce7d1da93
SHA1 31f11d9938bfe3af8d3bcd619dc4aecbdb33fa59
SHA256 381574582867fe69505fb5bf772cf0260d969afe8913e07b0b7c799c7120804d
SHA512 a0a2907fa4805852f2e2800de95975b27a82d2edbed03630968233f1f827a78ed69f1d7dfd827eb3214483e7e5361edeedfdfd73de787a58954bb675b16f2875

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 4a15244880d4f434f4cf005bb2b3a250
SHA1 4c311eb643b2d2dde044d8be4725cf9c59cddbbe
SHA256 426bff04db1c89072264c34834e43fc6ac215e825d9006562f712dd850685a76
SHA512 fcf4b1eb02eb022c9cfffbe201ebe3ab34a51131774913d075776fc0dee8f6d4930f57cf925b22335cc1933a96a075eb3fd89b3dfd7e3f9f079d9546a7417c52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 3bc61a797cb0495cbbf817091e4626b6
SHA1 7191bea2c8806c9e05992f3c8ab62cfc0cb1f099
SHA256 9b1dda8975284b4c7a340e30621bfb63b48bd4a0b359026ca74046984bcdd90a
SHA512 8361a8f0316acc85eacbf3a68a02e25cade0ee0785d8dfa1702c178c4fc888953fbfb31ea7ef2912e91bdefe90e46e539db39668b157abbc116394a4fa7c27a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d369a64d6dc70a5_0

MD5 bfe6b4fb23574cf6df488d9e6553a589
SHA1 c0e8ab384cc8b34eaeed489ed466052b74eec097
SHA256 ec00aad286e885bf29cc8684316087a1b36528098efd12e3e9d1c9d0f4613ec8
SHA512 00ebd720f7ff32539856a39e0dd81e74ae4f06f0424484fa3ad9062397a24fd0ab03cd86d9a09254b09a092109c4faea63d2105bfd36609fc440789aa9c9d0d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 e876aa5d0459a6cd414a6b44dbd980f4
SHA1 25dbc5e0a4e865eed5cfe6800af2a1f5c0cea920
SHA256 82a2c6f5cc1148b765998915ade3a0451d47e5e1d1af9d14faf2a91d4b0af6fa
SHA512 3f80024587750990cfe87904fb835175d7770980ef9547835796aa495cce375055c4e12db97ef4de167a72fc2ff16cf31878df27c3724c1f4b257d07f500d9ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 319f7580d6f061a47ee945d531534873
SHA1 9e084b41f4da35e95e53050c42c9b4fa6d929a36
SHA256 2df24be6087975d2413ecc79c12a783f0a48195356be5890880f81f712c42e5b
SHA512 0ca0a4f0b2a19dcfc2852581f06f32a09b4fcd68a12e1e5e61a24300e0e2e5aaba403937d911ce12fd9d0159c15d11204bb808502a05898736632443dda36bf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 e019dc03312d518563f20856aac88000
SHA1 91facded212ad71d186fbc2bc8e95d419a725c66
SHA256 18d192b6f4e9162397535e452b1f985ebc145c74af80193fe13beca11b724adb
SHA512 ef516c51b5412bf4dfdef476ee67d4d93bf2e4228f620dd92a9a4df9c29c8f4efb9ed4c3fed82e2922eb342eb7538424abc39c8cd09ae16f96e632070889df84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

MD5 c9b94211c5bb97350248e92956a83c3a
SHA1 d6058dbd9551c8766df615c87b1593e5401a99ab
SHA256 83210c2a76c9694f9d3f9bbf30e3f89599f621d32f1ef48f5b3d571ffcb24974
SHA512 b7ff9571115050881c6dbe0fd3e9676d12fa27f65f1656e1bf2ec797c7595be5d9fa3845624768bc7794cf7967e4dcb36b4e17d8d9e3a6ceafbe49fb032fdee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

MD5 ba85291b3acec2175ce432a4aadcad9f
SHA1 22a77a492b4d22f6ff35cda836f0d46b7875a164
SHA256 71e4a830eea9394308c1cd36eaeed83137d078c3c95b72e8f83adce4619c3c77
SHA512 14ef4d526dce618f8d4873d2990aa6715d82311ebbcbcc232f669ac8f9ac6a382cedd8c1b11005073a7511050d28f91a9b684fb53ccc55017f87b7f43b89c1db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

MD5 c1d917dcff2d7c4f0baa969d32c7a98a
SHA1 9b4bc90761ba170c9239125749b05c52eb839fbc
SHA256 56b5a10db6b6085821b2feb8d256f1c56a75cbd3a53fbbc16289fa16b5fc513a
SHA512 5950346ab25e3ec6eb5a2cd30d932297bfe3753bab8302ded1e5c0a9f9acdf3b902b5b217706bac92b7dd4da5a970b6f642346776741b4cca6f38076bec89241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

MD5 ccd98bd23972923585efcab2a6cbd05d
SHA1 e2821b03fcdd140bb42c0ccc6ab72406ebb8f69e
SHA256 eb5ac96c9dd07142dab707dd60f47aa28f2f5e457bd36216ec7e646095281d43
SHA512 2cd1b7a2186018f0b960f42a931e37f8a89e76220be1b30a5a3a80527cca873fc5911780b705d4d65345429abe292788ded16c79f470aa804074ade94a227063

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46d8591239c0d052_0

MD5 1adcb85e7c27dfa7a2f408dff248f160
SHA1 42e88937f251f54fc813772e5b0e2020f90228c3
SHA256 da0ce29095556facdde96e9334c4a4296dc31e4b1d9597916b5f1cd67ec59801
SHA512 a2d8f3771ccc9aa97a596128b48980b0c5ba3af0dafad5ffc16332daac8e97632e91025bfd96e0af682e0b0527d375a7d335777c3291fb1dd9c3d0aebb677f69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 d5992925cd01f865a21b595f96a850c2
SHA1 345e4e2c47a9e2a03fa182a72df8294510fcc5a8
SHA256 8e4ee0d4a26fb4cd0116344f93b6313cf386a390eda4de22f73d6cfde2726c5c
SHA512 4cb6e1c5ae4561109250439d93c571dda11e779f8bb7b6d7394a1f731411dc52fa662699e1457f29801d02af188cbcdbb622470465efa3a49d235ca14d1533f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd241de8b468f4cca35fabc1af69ba80
SHA1 33711b0f1bc7b1a7dede94ac2633fd7687364b69
SHA256 797be8e60cd14ea60e4a12e81766877f030f8cd3fdff89992f74bacad70095c6
SHA512 3beaae9acc13653271299cf2a0ed00c61689f5885f1f492ad4c5aa7450bc59f191a8c3fd50cc8a3a77fe64ba6979b6abb8c4f4b106e74ae154e3608c0e2b598f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11a18f1e92d733f274c6650e99974c0c
SHA1 6b20e5d5aee72d947da7ed902877cbf92ea57868
SHA256 cfdf2aef091747b3e0a6294d5b21e148b7216b6db3e3cab143a1c9c6995d1492
SHA512 26675651bd133aabeda817da09dfd535ef252a362df0a4dfd9b8330ce49cc926c3a0f30e60dc5f3b054c26501dd2e3211ab09b57336e3ca64d3e2232a1ad2ee5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3ae4872bcf693178d851032fd01e1df8
SHA1 f8220ffa1aacc7a79b9b9d2a77bd32be95565ea4
SHA256 0217a19991f1be939ab4ad551e00ae0c23768c07b7681122e8d8e73eef806c7b
SHA512 03efec4a6331f871de6bc0dc54465e2cf1586281f54d2e4f3560f31920b89ef4d92163ec54c5f84e920aa5de7d9f34f7eb4c42503c12a6e1e9960290c11849c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 529bb028bb862276caaf3f90c1cb88ba
SHA1 69b93a7a74a688aef26074d7844ae74396155cc0
SHA256 d92f51a05260bec9ebcc43d0daf4dc8f1dcf61784f0b1ee2e167b32b7d593531
SHA512 ccd6e431a9b69c7497197239f78051325d37e2c4c377833256f5d09a657d1afff88a7dece13cb32452bd6e98d46e9ee2c4199c9ba17ed6c294cd8e9dd3c0fb5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4eb39018f895d4230ac9af39c5d57050
SHA1 8f6bc5ee2f5d66cd10d403fa0713435a7d6cb910
SHA256 42b59fd16f5ef21e7376732224a81732ddc50acfae2d5a62531180bb90608ecd
SHA512 e07e2bbd3a1b24d59c0098735c4988d4902fa554e5e55bb0f709af12ff46d3d9a14b7be7446ea9d6637121b78cd90b26a873030398e607ef8bdefc6848484da7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0a799c6f09cb7c591159e08bc6977e7d
SHA1 74c0fa2ca29896bf4e0b0cbdbdea27aa873eadd1
SHA256 12f2c4c780e5c18ae1cd68aee9a8c2da2805315d7b71012177884930bb6d3848
SHA512 34e192225e5b7e2fa82fd63ada478680ccfe6be580042f7c4bc2173d8a9b4ac49105cc2ede976bee52a4f37fdc0418f38e6b9339203afdd51ff313ad2763533d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe623543.TMP

MD5 a6415ae7dde80d1388cd4518a9c3cf15
SHA1 3f4aa00b1202c7edca345851f65347b7fe6f5084
SHA256 671251e295bcc64dd66942e1db98782c0c4fba1c4f6a1c5f45d3b1e726b5bd2f
SHA512 50b170feee92ccbe4530acccbfcbf345377734e7999f4dce25c0a9c423418eb3873cf20d8dad1b0b7a152a2a42b9747cebb688e572b16906a2d776fc2a4077cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a39aa9b57096d8ca412ba7a7b2dcb25
SHA1 253fd3849935d7d790deb2597ef1b86e376b56a3
SHA256 a1b14d107b2a4c0eb8ab08cffd830e035cfd64a37f5aa75d0b8bac6667ed13af
SHA512 9e4f5086cd1197113a10879301c8920b374c3eefe58b529e687265fb54f559ebe48182118723ac4bdca49a5a4f076b06d2c7a98267b3c89249a0a676147b8e26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9829ea89b80086163de9d4102cbc7bb6
SHA1 f6cb5bc37612f08d5638ce81b4f0f243167ea6b3
SHA256 21a3396f7ef4200377f6fa1b0b60613ca3e6bea8f1741c0092dc48c4bec22eda
SHA512 47236ba8f48f4e1c606bfe371e52e12673b5db2ac1f691709f8e6cd09e51786d40bfac689b9ea7e21d32a77de87006cfae9b5c90ed4c6913a31897842651f9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9da6b8f856bc362bee43051ed2aefe5c
SHA1 5f8874e30b01e3200777a9ca2c1d4dccbe9879a8
SHA256 5b042ca3771bd76f23c8fe023b6e183bb83d70751c12f66a0e0bb640581c0756
SHA512 d63db13c7d1be1d44ab1a5aee85296de49cdfade31e23ad8c50325b280d3334a31aecbf1cdb17bf70d76f64997efaf2bf7ee0aa8bb71509e4101925ce1f6d40d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 34a1673c087368786d6155019b0ba552
SHA1 42b6fe8676a1aa9b609ef1bd77cf3058e06f464c
SHA256 6339b686d492acee88abfbe9cce79288e88f1036a3fd869d65c202a3fb5c42e0
SHA512 a2ee09f8fbcc8659f0d48bfbf2567adfca8d66c2199973b56f6c98d529bae95177355806c262f2185c414813fc21d6804726b279829b3ab86bb25e2e8d11e770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c24dcd413921a9ced76467bb8f4130e
SHA1 273231ea4aaf9d864b5dd4e9804c3f4a4c72ed9f
SHA256 e6c6d403b4a0b8e56e14115fa9406b36e2be62047ed2c480f0b9438d5fff02b6
SHA512 a26df1a51f83f295e3f933ef70bf300c9142d868ca9541ab8e6a6c59d5054f82c333003b02aa282a58756493607b5b7c23903324d8d03f91eebb5c3e57ff128b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3b6c13d6a6a55a7a00633e6f3d2ad495
SHA1 47e8b775ed78f25c57d43cf22ae7b0467aed5710
SHA256 a56ca72207906d72b6952dfee5d7fbeb6e4adbb64592be364bc00e9510e269ec
SHA512 2dc868e67c4f74b1e5ba5a6dbf65df5f191ca876cedde56b8b975f2d53d869e1f725d956839e7e8f9f7574856ef60fae6df5aaacacac645fd32438f42233e95f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c66148f545bcf9a885d8ba8b38b830b7
SHA1 9c03475211f1b34ffc821ed0b099990c786dcb00
SHA256 0a1018d27cfc4558a7931b39c76d1218c93e268ee21f573f511d147259e84022
SHA512 197cd0103dab94419816379ae836445b09f2a3c1846a044765f6929afe264996993a9d9e8c305fab71a8f9de20569a8fa6f8998dbf645b9dde63c08a1de446e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7cf72b6620934ce2591a8aaffff31745
SHA1 3ec2ff40ee2ccfb8d47726040a41f5944f9a2b97
SHA256 08dbed3e3c23ed695bae2ccb7b1971baf24d4458be6c6df517171d241a320a16
SHA512 cfeba16908ce586b6d273d0ef96dd222455e7d9e3bbab3c11dd316b7095773e17b6265f09b7629c51503c5650c548a94dd9dbb3b46e9d3cc6d9fea09a4d5ca02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd3a2a0bd70cb9f2e5c36de813c574f0
SHA1 77c88bffdea712b727851b3bfcadc54237f955e4
SHA256 c9b8d8a2505b207c5ea1640d20bd7323344155aeac31135d01b4d159b68c3fc2
SHA512 0e7ab5830bf5e877d3963b2f9f9cc182be2d7c87032d6cb5a046b829a61ed49bae720036a3b50824d25292644eb28ae3642a90101f360b4a249c6e6d51ed6ab4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 868f665d4c50ba1f5f85fb4afaa791f4
SHA1 9120a6cde6e54c4262a37d9bf66b358d1fa66077
SHA256 9558374b5f695e9f17c95bac9b9142af8e44af37a3a48510ca6dc747976669e4
SHA512 0931ec2a09b96c93717d728243d6f035cf8cdaec3de40d34c7d802c1e395c2495bb3da0adae04bee30778ead3af0e84b6ff005ad630ddc4f17919c944e007337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6154d974f85cd30f1c789c119414a64b
SHA1 e371e85af5128afa3684efd83e2a161eea924be9
SHA256 86b2387aa68a616639222e1f3c06f7e49482f5c0f3575682fa1781900f53f62e
SHA512 0e2a2dfc565137acb8f5821b6d040f1769f179df22aad344c789ce3e75ad65db3f9e4e89baa9adfbdd1e871d4d8b82c1918ced0550fd3b8b13d949b9b12935a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 673a559ee4f46d4d960d8d0dccbb2bae
SHA1 6b385e31c9a4a23578ce754f964291fd87f2bb61
SHA256 a6cdf186f8c79a8b5d254362b0d4afcf1f5abf82260e38307ddae1879327e11e
SHA512 5e8702216100b5c12968f643cc6d2a3db6a47fefb528398978617904d2b7222c3e2704b69d93609e6dfd5b3bd0683010c8606f96d9b3d46835457aed5e1ef50b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16c4fd912d336fd4d89f886ee6f9fc8e
SHA1 c7d754d02ff6be3b03180e5e612ed22691b0f7d9
SHA256 9c39638800b51e92dc643bcee5dd55155519e60949adb548863c04ad0f7a8183
SHA512 bc6024abcecabb250df4ed6a628598ef6ec04bd3c2c83df157eb51727f091f4e921971df8cae442332efb4700ac9a9bb96e15d128209cda5717f1bb78ed454b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dcd4501d92e40f2e281dafb24241d0d9
SHA1 56efa7246bc10eb9a8054699e5c908202281da70
SHA256 1c951bb1b8efafb858dfc1bfea44f562058a5df5bfdb08f4be1229e730e18147
SHA512 a1a925004634e1fd51d075cef388a980c229b578d83c5380b4afd495144881b9c74fed06fe675ff688688216e4b7752500f5ccf0e3ea174d5f5e6f98dff98e4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 002dc2562346a18aa4772d393c2e02d5
SHA1 f045c288d542137cc04bf292432f3cad29bc6812
SHA256 f1de6504ae3bb5f841a4ae716009306dec3a891fec4a409d9696d71c34be2628
SHA512 51b15220a6a820a48fe2547cecbc9b06a05b0fb396327a04d38359a57f2c224a045a815c83d28c6d5fdaf4dc085b35f77aa529bd18bd9e89f97f9588db6f8697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ecf6162ef9a58ddbaa2be7d39f357f9f
SHA1 45f689e51082494345bb07be638c49ca8db6d9eb
SHA256 3c1f9b83379772b6e427eee7af3d9ffd83b6696837b20a1182b107ed2f5ce30e
SHA512 9d0b6607dc0dbe99bbc7e937b7b1ead7087fa75b9fb25295b11604946d2d7a933633aa6961800ea41a72aac515105786fa43cf588545d52822b241ac8517eed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bd5491967efc6f20bfab05031c2641ef
SHA1 48158093a6b9a2e2a27718f5c28228601f46f43f
SHA256 5993bcb7a0cf81453740ca8aa90549608af50cb7c3067febd1157704eef08fde
SHA512 70a719f1793da2f50e0da2ba34bc7bf504d9c8de7d6a6c9e549c82c88ae10e2992d66d375bfb723a957b25300626e94905a2b5e50729e56944f590c02b501c71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 5f370f974bb63170b475485938c8bd81
SHA1 21be94373e9d7fff8ca2c9f56095a86d4cb043e2
SHA256 a509ecc387854b4b6fc73932f62a1f22b667b9c11036aecfd90c9d72016517b3
SHA512 119e5b7c4811eb32a64e38af27aee756f3a3afda27f393e16d51fc5c56ef5c7a6a31b4388ccfafb5532243fe06ae659ced3febd3b71a9cba9017f966960f4526

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e69160343beb28a8b05ee99bacd6ac73
SHA1 9fceee9a48faccfcef6204510d5a0f89b176830a
SHA256 2f04c9e48b481545c058dd821849f3eb53f990667029c5c481f4406793878703
SHA512 fce5f70c964d37e646e93dc9f611c3ff65e28f1e1ff24886d54afa0f25dd14190a3b74c9e1501761f4db4166b5daaa32defd9cd38a180c3943ada9ecea703bbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 290d699eef42dc55bba1e5224b7f44b4
SHA1 551d7509bff11b069f1fd0b87cdad83f320936c1
SHA256 d67494b6c9bf6cd98a7976c99d6e4ca4d4f71a630c3e4c75783f5f366cacc669
SHA512 127bc4201cf2228e986a84e965b6fec89b4f745f7953645717a3e3413d90c465ca83636715701c7905b4c16148e97ab5f194c2c201544edbb0856b2922fa6130

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 47c589d7daecdb2e254fcf64197b3f1c
SHA1 2ec521c1e8e4649d9ea98fce195b772c596b39ed
SHA256 9b9ebab7ce4443fae7329fa1faca5c327d653c7c9c4dc8c91528f8b0419ee2ef
SHA512 0c4500750b0d7d4dffcca4b0d128d1609e670435ccc57e187a18d3c64eb0804765f35afd797dec2f6d9457924a23c49ec7c0aa83182f14d221a4e885b06fc5d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 99dff956bc50b3e8fe0a30072aecf7f2
SHA1 800ecc2d02ab72f7c451b71ae0adff212a9f921d
SHA256 177dda91df2243c37358aa5ffb80b6ec6a4ffc7947ea9f4b9e4d02fb2e61e6a6
SHA512 7f2af68f2ec8a1bcbd5d4939910e4fb996ce8937a7453b1d997c5e0cfafe50235c8baed0562eed888b6b157c8f01f421b773a72c220bf6896ddf0fff5565e9b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 643285e04458e609d7829db399b41062
SHA1 1caa20473a439db646fbf310f770d1329e55ca99
SHA256 b4d26d0892fbb16934accf75331053a670a4366790aa9ff8f691272e37dc64af
SHA512 308663794e80ee0501970959c13228135f0e3121eae4c03f5fe2d0453c4dee7ab71949c6c77a4b70e90c7e0350222ebf2c7bd7dc47129119721c3dfb966591a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 aafc6afdc489638d02ed4cfee527c392
SHA1 f68b01839c7cf5e393f6d8303d4fcfeed6970194
SHA256 e9e05e119db9ae1a145f2c85bc2528bfb776d855e28af31e86797f4931a640f1
SHA512 3fa449aa407b137041949a387431f8cee1d66d81414c7426a6a4bafd8815d4342d8ede7cf3b935e12de846b1e376233dc61bfefd9f9c9f87c2b14597f979b990

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\7D55F73D961C78D9EF6CAC8E40765073A3BDD7CF

MD5 89c46eb72030f2263720b06320a51ead
SHA1 fd8c553e7e124c9e48de4808bf0ccf7165160514
SHA256 6e809eb937c2e6e2c8641c6e4e4460f2e8c55bade28b82e2928d70f55b5afc5a
SHA512 95ec4b977bfa421c552d158c1238360aa64ec7bb4b130eab67a8078881dd827da2a8dc7517a0ad43d9e1abfd98ee1b505a41e039f16e6e646903170f5a054606

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\A28956283C96A06AB1F311D446882AA1B37CFEA8

MD5 035e1b7a608a27053594ab92bc509cae
SHA1 84db74de96910cc9c7b63e1c42328420fbdd9049
SHA256 cd21c9d1c3a0213bf26877ffd31318292af6bc23d88df6917a34b7b5fe492444
SHA512 6b6f64cdded860430537c7996ee0113e84ae36a40a403097824c5fc5d8794e1088833d0095281b25075d3f92f50727827a541ee27e567c6d30a48ae4211cd2d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\BE38EBDE0378FEA6189CD0DFD705EA972C71130D

MD5 2484498eb9092e06ad695d9ec04dad3d
SHA1 1ae04f68f2de825084a7b1a8b99221373cf74d90
SHA256 198d53c51ee23851da046f5635978dd2e6ae5b3ee84db9c2d3a4abfa486187a9
SHA512 4a84ff4586bcd67db49bc78fb785daccc0de1396f921796027181a0804380cee7dba22fbe0fd4847c0f5800e12881a8aedbd3578b808c02466f3508cd49f67bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\events\events

MD5 b199fa4033fd0a6e74d1752b1fad8896
SHA1 5c598e38af5cf9b631ff1531b74ba17be6b2ff90
SHA256 8c3814f185fa785b7be431faf957d5b5278a7a9f55e12accdb3c3fc88f33b233
SHA512 fc5b1005c111352c592c1ab91c0302e88949176458e583d38b2b01801fb95642f1655177497f1f2ba25977566b7f340a0a35a0a4560c72e16133e8fc94c1eb6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite

MD5 daa230cf0db44b71718a1a4fb2dc2673
SHA1 18f080757796f511c6962a4d6766b3e2e3e7a007
SHA256 3bf22c38c9d28bc58a353192fb7484c0e08090fe8467d76cb652e845edd2b82f
SHA512 3d2d4a2a6d6b1513d94567eb0d8e27cdc448c2fa198aa1a7945e99767f11f52b017057474703df6803007d5092e377405e32defdd1d409a4a4c8671a5daeb985

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\16FA58E424A93B65E58D276BFFF84962DE8018E8

MD5 f5b1f406143d7af2e94f8475fc037744
SHA1 01a9b14c85cf3541cc3ba0b0829e297f1f550f33
SHA256 0522a00686a937e4f877284cb42f1abd31fb52870ff889471ffff6a9f867c4bd
SHA512 6e9efc1d565fee8a5510ca0b7f6a6eb928e261dc69227f6db09fa4714efa6fcc3d9593ae8974738795a8f74988c41c20a889a1e1366416d31170608ddf280c20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\EDA553ADCC2D82F30977EF3868FCE6A29F703BEA

MD5 1fee28a03a5a42304ee2f47be4095fbd
SHA1 4c1fc8f7109c3f63c93c37e11d4003894ef24b03
SHA256 7ba9ddbfaad57fec4d2a01ee923675a3fccb5aa1a4bfb6330ad02c041120720c
SHA512 1b9cd9249ca72bf74fd390ee5ab6725c4cf13db455590eaea4fa948843a9f3870ad0253f4c6b72ad9eaa47b6c1f3f69c75caaed42e62ee104f3a2a3c3fb8ffbb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\34DE216029C2895FBF7D96F785A5EF8B07BDDAAC

MD5 971ad408aafda16934344be8e36c0883
SHA1 bc48eac8ba066ce0c1239af0f5f933dd8ad04f83
SHA256 f6afb43a9e5a13d6bb611c17d256628014072670ba892a6d8e1ca79f40dbc603
SHA512 c334dc9933d614b4525ad7030571be95afe7969a4fe931fbdf2faf648435f3a2ab1325d7313aee639e5b0452b9a3ca3838636913d10384cc73c17d2aec3a670b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\9AE79A927D2CF934BB19752D6BE9D1AB125BC167

MD5 1efa0b1e5ab863d5777985ff30b2c9b4
SHA1 123ee8285ac222eeefb93366da4c0b3e45a9d47f
SHA256 78460da398cf2d23c804edfbd870c9814f4630ebcf8da833b97b07be6242d967
SHA512 c90cfb368a31458e27dc2c03fd04edce8be1c044f8b4519e79d6fef7ab2a4d6e19b0f0c24066af528843eea8e3a95787d5fdf7f9f049729ecc0b9c71720b03c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\86AF72651CF6A9FBC3EC3B6DFED5C3C14853AE3B

MD5 4e9dc7a1837257806dc31be3605bb915
SHA1 36d1214cef0cd9d5100c620dbcee3854fdaebca8
SHA256 b250277d060dc51479b96fd0f140cd06b8c1789cf3f491c0585f70b7a30e497e
SHA512 96f717755e277237cb1cd8e745c00efdbcb9c68de7af3ee025297bda2943b0d619608f1c0279ef3a750c3627730776e68d47d63455a977afb0df6b86b223ea52

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\D50A322C173FDD039A1C99247CDCF0FE9B80972B

MD5 9a506194363a6ddc2c883a37292a3050
SHA1 18feb2b91d488e1fa2e32a25af1646d29cbe3f62
SHA256 01d192c8131b3f95d194c36103a392f70f358afb5f640882a497cf40ed5b3c00
SHA512 1e42bcaeab242edccbafd5be374ed31d64a4d9aa5b6f7a3ed51e1ab285d12954f84b64bb3c35a3b82fd76e96130ab1c4fa8a9940716dae383e8540b563134af7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 afe902764d6d4f575a938ca36946b513
SHA1 0628fb127e8c242fb8ff08f5469eb0e2a7f48659
SHA256 2190bbd51c608927beace3fdefa03a4a185e77f0c186f020a8f9efa249aeac50
SHA512 9612fb9432e6d8646e25e05262674ff3b60e156a49d96038bb324635eca265847cccb6dfee314b86fc756ca731875859469b86bcab1633e5dd983ab2dc3d0e1e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2C10bestvpn.co.uk%29\cache\morgue\38\{00d4d310-eec7-4782-b1fd-9e90627e1426}.final

MD5 7fd116230491d5754c0b8b21d8aac3a4
SHA1 505c970507e1ee607f55221d72dd3c8d5c34a006
SHA256 c7e87cc66882a9f33a088046f6bccf88d71b3c746c737cd922845e4f964ddc3a
SHA512 2d782cac56b3691bb4189b85a4f2882ab30a5d23eb71e5db4aa04f27d19956cedc246213fcf66c333ce86cdd57a808a1cbebba54f885bc2e85b601d02a9c943c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 9b4cc157ec3b483b390089d404e39494
SHA1 05a1a99b0f91b86e877e9a8cc5ed49ee5b60e18d
SHA256 8da734c3370dbb241d3755fc200fbadde9c40443ebce5eb7c82d8ddea30ac8b7
SHA512 9963629c666d4c8716ab74b137bc72e1d8434725eda4a0e81c2c4d3fba39b86d6353c10d182a994b7e15f2b0849176d7ad1a3637d2447d32d1c4c0929cc961e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\serviceworker-1.txt

MD5 35d7acff38d4178cdcfdedc34824bdc0
SHA1 ce2ac7903dc4ec9e5ccf98afc0385a25d6b868ab
SHA256 07e277863344073db580a719125b275773d5d686733a6580e0481f394f4cd12c
SHA512 4b863d4104f4eb9b2d4cbc4416cf22dd07e7471807c9fe60f97b24d9c983b4dd864e7c7935490ce3fa87ec2238ee57b3c0c908928b9442b35b139d1668007488

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\serviceworker.txt

MD5 6adebbac14e6b06f6227082f9136d064
SHA1 9b4c128e548e01465a38a40870b5f020696348ea
SHA256 b7d9f9a5867a93d02033975a2b7c2925bf000c14cbc72c7e7eae5253e24d665d
SHA512 b170912a90a07f521c24eb00a74aae2f954801ccdce9816a70daa49ac1d58fa4cb4263892b78a738babd0e5518b872049fdf1079683e524bc808c9465d89db19

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\747F839A5D55C74E4C03BF3302EF9B7E15115DCD

MD5 d733042f49e649407a5b8488146d3d25
SHA1 8f26de5ca8f85ac2d15d0675ca88680987a5f932
SHA256 36ad525d77bddac643478a69ff3e9c32ec52e752e316fac87ca178b75053bbbd
SHA512 8c4e8b5d8a480a49b899f1297e0d75ca7e0d0b08661d417a7e02a356d282ea1c66f8eae063399a9514128848916766c8165c7ef0066d4175d36bb7a60af1111a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ab946987ee553d1ddd9285945bd5b987
SHA1 eee441a5638465cbc2513c04e429afcb164da2d7
SHA256 46e84faf0a3d21ff8d5a020c7fd6fb8229c9a373cab7b8a5bd44c0f255459992
SHA512 9fce0f3ed0ced4d4ecfa42896a2fa5894be984aea578238cabde7a866b9899c7eca6d8bc847c0be7fe95bbb9f62dbf363f3f3263a77f95d93b26162ca2f8cdf1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 793d0e4c255f50b2c91c976855c5a346
SHA1 d0a9e0fd3875bab87a2c2d77cb5fe10dbde16583
SHA256 1dd605dc1269fe6fd86d44e512c16f0128d88004ef37cad04732e65ee87c5537
SHA512 5291b66d3836ec0f07ff91ca8d2bd81699bc93bc837df390442f2499952d4d5c4896e693af8fdc703e652f453209decc535c5a1c0dbf147f54d5d33ebb7bdde2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 bb7984daeb0b7ae1e1f51d603abb3fb3
SHA1 545171fddfbd9ae1de60cf4b4f9615e2366ae209
SHA256 dd9401e2e4ede941b51a8edb1d4a3146cecd2422e265f5501705912ae15d7bdd
SHA512 2ca5354e47bd6128c0ad496ab70749daa988b4bb13dd04d674516da0ad4adadc5e3e97e076298bfaa98f02cdf7b622acc931dba2c2a1f4419f796989564d5943

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\4A2DAC658D0F319F388A52E8C7495E3D4D3D4658

MD5 e75999965d5a50afa4e3b20317065fa1
SHA1 fda734646c20a00abfbde443990f90ce56fd84f1
SHA256 6035debf1d191a135a6b78fcfe825d7218df26a26fb9e317873a91d6d3e6bb2c
SHA512 397f32a16bc8977e2f1040bfbd3bfdfbd0e3100bfcd02a08b87b0f7d35cae88a31dd0c3fbff1109deadfa0ca4815652e51013ff182e3360abe79c8149ea7a639

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 c70fcd6ff67e2225a87bdecd155578e2
SHA1 d283ebbaa73244ce07abd1668adab18b085d4bab
SHA256 e17c173c819c901a26dcdc73aaec695e16ae1a78316e96d6438f887275d25fe0
SHA512 fb6d955627f8f785e3d4050abf903c1da600105d6fffcc427708861e2cb6bb5269422ca1b90af2a75ce85a0c86fa0b188765d4a0d648aebdf668a2450d105214

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\B7D6AF82AE33A55604CB025A40133A452D20340D

MD5 a445352cf2978e9742060d880859b0c2
SHA1 1fe1c900d1774e2b758aecfd4a70e7d89e023e54
SHA256 0d99e4c1befe2430c563190b8b2196e439c7a4c39e6464ca59fb1fb8ceb4faa2
SHA512 37a030acce2bac271b14f9267c548d2343fbf61cd1c6f5d719018ae2bab98a17dfa1204e53b765cdbce3789155a6be6046ffbbe741676683d875b1f5004f8149

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 f373141a450c1b89fb6e6dff0b6f9634
SHA1 29fced93122ab06c73ba85556f95b9ed937ca579
SHA256 8165e984a4c317d64fc134aefde6d46c90f83fb85f1e9c0c9efa24f157814c3c
SHA512 9c96de115067414061beff4744d8b1a378cd5154aa01a142da6c4a33eedc86ebaa195a9c118f56b11ee4133007d8916e7c4817d8b25b1d6443b0197f315be5d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 a4b10cc9aaed13c03a5bcdbdd82cdded
SHA1 0d4f2bbe3fc0f1a5d572710e53f5c56cc0a20b0b
SHA256 384d0ed8698356450dcfcce50c7971494bf17d89f869857acd972b7f97707c70
SHA512 73345b16b67f9c78d1b57b0c18278ef955788f16ca0f3da133412cae8a24392c4fef8439e5c9f2d8d61a52b608225b9a1e4b7f9e5fa3a17972a248b84c82bffc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 2a148387f93bd0e664998c09c857ca50
SHA1 e74b28791df7f3e4b0ea467f1566001f17acf4f3
SHA256 89f309e3cd4d3baf15c070edd8c83a04c2d0601fcf15556730b56973df682e3f
SHA512 899f748fe5d460a0bad9cc625ce0bf3d59502e6b6e29c552d98c58d820a44a1d0e3bcb701228b0eaf5bcda98ad3c5d40f4e6a1c66fee437ac78d78e9b052572c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\ls\usage

MD5 a4b57866747aa8bc0828ccb259689903
SHA1 b77c045f5580c81a6cd07a5e5d2271064aa52233
SHA256 395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88
SHA512 f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 0a4f13b77e7cdd207b2cb90f0d4ef458
SHA1 92e7a445966139398b102bd0985f5fa1e5617aef
SHA256 b5a823fe3c57fcc82e514610fc6657bbedccfb5976056c1119d7cc621f2abedf
SHA512 9c3a7205474b6f26ffb3eb470f8702955832db9ba8f613f0887fda46e850fbdcc9b5c7fcb71764e079e68f04491e26dc637993607662e9d8401195becb60b40e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 2ee59533a741048a2e0f05c39819e12b
SHA1 906ceb76129808453d3873250ecd4decf2d2b4c7
SHA256 6de930434312a2c38552a2613fd1bb2f1e05ca91ed21f4dc451a35873103499b
SHA512 808110896b904833a1a98a3ad5311191dd9d035a16b16a22c0a9f01dc48cf9eb65140365c40a3aff98eb49191cf81560490bad7006575dd978f41921be73355d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\045F8290E9E820840827E8E9979195453B327749

MD5 c03ab75fdb979bd1412ee5691a00cab2
SHA1 d850a256891bebad239b7fd53b2002e8b3025624
SHA256 dbae24190f2736cda17d4e861170ec7392f214cfaab99e51f9ded664f2a6a179
SHA512 f8a32c40e5d6e461d459553206610ac8b3b5d7b52e5b60c8b430bba547dfcf921819a848b70cb6d923c1a7f10b00dd87740e2c3fad4b05f34473bd0b5f3f0e68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 130c8a0ec4e0dd3e6e75c4f9e48b88ff
SHA1 b92abf3ae103dd0e243f9afdc5c7ba1f4f29b264
SHA256 64fe74fb867bcbb8bb4439ec313d8bcf0222e6d8041c8271583bb4648d13900d
SHA512 06cd7afa87d3c7463647f7aa6feaa90038bc1674b20600d75e057402af2e51e0d3aa9370e3a44d4600fa1c256a685246510b10e560d44b956e6d4e61dd1a181c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9958104d7433e729312ca6b2ad688572
SHA1 5f5d4452e06239c260d69321df781772ffa02fc2
SHA256 3df0d70a0b36b3aa2c8b7a99b727aa84e0c6d47bb8de702cab7066cb16fa8ee9
SHA512 a635f3d8ab80ff87efb860bd2b797212bcea34d3a077b60e65e3565abf2eab01ef41bf3cd1ba783f625fc73320f6cc13fcd8bbd914d6880b913b295bd911ac63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\jumpListCache\W3RP57mc4MNcrNSjVqdn4Vixha_S5ey2HOfNiGkHC5A=.ico

MD5 42ed60b3ba4df36716ca7633794b1735
SHA1 c33aa40eed3608369e964e22c935d640e38aa768
SHA256 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA512 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 1361f0a20c1d8b29aee7bbb4cca04fc5
SHA1 37918ce5b673ed8eb6ab37d9ca367658d525eb2e
SHA256 07e9a6206ea87168f652121e497b964da4b81818ac13ae9fa3e973de03af05bf
SHA512 c8dc39573fe3bcadac507517f048c8f562cfce80bd55ef47cd10e4a948dfe4396444889800751788c570adbd800bec9ee7f2cb2a722197d1531033ae4e6ecf35

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 43a2fdedc6d13bddceb189db37d8fb5a
SHA1 292cc39f1a540ead15d3ab2dc874bdae91958885
SHA256 bfb1b974fd4695da1431e2c8332de5e3f137feb6a3b4a816acbd367c6dc8972e
SHA512 04fbf819a159559cc801fec13670fa86e325e0b67692986d51d03fa4115647fa9c0ee0a33c0d3abb79a17fbab3f56f48f538571a563850214ed2fb1588b9088e