Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/faxTWRiB#qOo6HHLiEQUU4G7iSwJAGtIIkTF4K6AzVn_7UV8rtOg was found to be: Known bad.
Malicious Activity Summary
Stormkitty family
StormKitty
Xworm
StormKitty payload
Detect Xworm Payload
Contains code to disable Windows Defender
Xworm family
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Enumerates physical storage devices
Browser Information Discovery
Scheduled Task/Job: Scheduled Task
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-01 03:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-01 03:50
Reported: 2024-12-01 03:54
Platform: win10v2004-20241007-en
Max time kernel: 176s
Max time network: 188s
Command Line
Signatures
Contains code to disable Windows Defender
Detect Xworm Payload
StormKitty
StormKitty payload
Stormkitty family
Xworm
Xworm family
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Documents" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.text | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.text\ = "text_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\鰀䆟縀䆁 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\鰀䆟縀䆁\ = "text_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\text_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Windows\explorer.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 542374.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/faxTWRiB#qOo6HHLiEQUU4G7iSwJAGtIIkTF4K6AzVn_7UV8rtOg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa6a746f8,0x7fffa6a74708,0x7fffa6a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x308
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe
"C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe
"C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\" -ad -an -ai#7zMap31063:104:7zEvent29812
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe
"C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.text
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.rsrc\version.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.rsrc\MANIFEST\1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.reloc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4841307177364627683,6496796408800301687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa6a746f8,0x7fffa6a74708,0x7fffa6a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11773099333290099377,11915615878143052542,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2236 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_4992_NAYFKWITFASJMUGV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a62614754df1b59658fecb027891728b |
| SHA1 | 2d0e2f0aeddc9b1af5593a2ae0c5be7ee7e772f8 |
| SHA256 | 99f3e57329e5539952a4102c504f67e4b22b19c3d65230c4d27698a8f1d79b8e |
| SHA512 | 35138e477a8756e4e6f06a332d90b5cf24b6ef8d8d333481c2f0f7b90b720c72d1cb59c093ab907f8e63e5e4263a82c98d53d73831c2658f491783616687b7e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f8ba23adbd11f798d748782d89a4eaf |
| SHA1 | cee8a85abf58ea1a09952a296100b9a51fdbcdb8 |
| SHA256 | 883cf34afeaaa296b77b1bbfb8830980af9de13675b0c6c04d44421a6d77924b |
| SHA512 | f38f7a5955244b21efc18893d195bec3af44a41d3b6cb6fc33717febd0f35ffa21d394b130da38c019ba9ad96fb7fab75142d1e6ffe6b55179f9ba90cf28bc47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94350e44f952019fe746d1dbe927cf4e |
| SHA1 | dd61e3a97a75b6d87b3e8e74bbcdd12c5691e871 |
| SHA256 | 04139227f248c5b5b547fff65cdbeef264271c116607571549510076ee890234 |
| SHA512 | 802de0e95822bea31062a0b5f0f413f53e1faf0753556a2c960d9a9721fe11f2d974b19c67d324fa730e5780154f68388cfc3bc1306240ea6c264b3993ad4eae |
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1.exe
| MD5 | e736db80ab0ee1cdfbef926c920a0e27 |
| SHA1 | 35ef1b709681d02e643029516a0e36e00ceaa542 |
| SHA256 | 7a7c7ea7283beb32746746f2fd1c3822d2a288bc3e6cdc89c7ddcd9273e737b4 |
| SHA512 | fd4c6a5a9d6ad5a46dfe8ff3bab45f150087bbbfc2b1879910b4cb968afa93dff1ffaad8b442d97810f7d743cb84736523b367db3e3ad086fce83e14920677a0 |
memory/836-172-0x0000000000CE0000-0x0000000000CF8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7e2f7f99dc46cb825bc211b455b7d644 |
| SHA1 | e9c21cd539d9314108821f5a0c399d26f4888639 |
| SHA256 | 04267c9ebfce1a82e712fb93852c2481a06d6e755d9cdc21e13c05de72a62de9 |
| SHA512 | f9c1e70e81cae50bbf73d028cd4394d88f5b85928c3da248e6147cc4ae59823e16248f9e0455332cf4ce6ced99bbbe4d2940aa86d6f80492d14ee350ab27f091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f7a2e0cb7fb4c59ab3b81fd63778646d |
| SHA1 | 25bcc811ca3a6d432ff7e3fd2b506713a790ebf9 |
| SHA256 | 921d959792aaa1870f156a0d52923fc3133588eb94c8dab49bce0aac8a5263a6 |
| SHA512 | 60dd6b46613c37d5257f3533e3b4e9522a6a99b7a7d89e31ea7a669a3454dcb7ea725eec2b52ef4ff8b7b1f278795f983193573be8511ddb3c9e95a63a44a7f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5810d4.TMP
| MD5 | c0e468bb22db08141f39e0f7bc837a85 |
| SHA1 | a18d38558ea93aadec5aed1efc17798a92b208d1 |
| SHA256 | 5537383308d471d298b8c80d3bca772fea4bb4a55b160c0dd3a992156bde96d7 |
| SHA512 | d3274eccaf9a9a9c89ef8b834b3611353214e787fdc96614cd222ba96b4e6d60063aab54a6b2f07bbdd18b5c6b4aca2fdc341f0bfb261748abb2b10ae652a072 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97757de4020e8d0aff9cacb40ea1dcfd |
| SHA1 | 3ee717503cf737a62d0d70e959244482fa95555c |
| SHA256 | 9bd05f25ebba8aba96ecf0756793885a14225d1c4f999b75c94a7037e8e52b4a |
| SHA512 | 96ae972db484036c11f2e8e937e5b857a473364ef1a0522dc71a8ce89f657a37bf90f8d616e3b2032d0c0fd653ef1c6082c8083ee8d1d5b373d00287fb830c14 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nl Hybrid Patcher 3.1.exe.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
memory/836-234-0x00000000014B0000-0x00000000014BC000-memory.dmp
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.text
| MD5 | 06fe314c97d941fe62b0173fcb003c92 |
| SHA1 | 6ee68b8b86b2adbb7fd4c6b96d34d9b410209a3e |
| SHA256 | e9ff5627188fa829884b9bbe36f4a3f2723aafe86b5e14c2a7f7d86cdeafc806 |
| SHA512 | 35ba4b79ba90323c2fa5e753ea4b54b5ac3487cd0fb89c2109d52e6b7376312d01a8fa3d67e81389a1d62ef97b65c028766776d81b643e4e3deee38a930dfac0 |
memory/836-244-0x000000001DED0000-0x000000001DEDA000-memory.dmp
memory/836-248-0x000000001DEE0000-0x000000001DEEE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o1wbg4pf.bie.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/836-258-0x000000001DE00000-0x000000001DE22000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 008114e1a1a614b35e8a7515da0f3783 |
| SHA1 | 3c390d38126c7328a8d7e4a72d5848ac9f96549b |
| SHA256 | 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18 |
| SHA512 | a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b |
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.rsrc\version.txt
| MD5 | 0926403c66413dd3bd56773f517e6a0d |
| SHA1 | 1a2ef943c307f788ae4d90a503295689634d33e9 |
| SHA256 | f406dc8d520f0feddfe642dd8a6335d962a843b5f53235a894d41c462f90a8a4 |
| SHA512 | 9b0a0328f22df88eb656c57e941644bf9b5d83f3d2c13d520c02638a75638c7771be3c592634ea5ac757c8f95229c44852a70f967f4774d8f9f528f72a2143f5 |
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.rsrc\MANIFEST\1
| MD5 | a19a2658ba69030c6ac9d11fd7d7e3c1 |
| SHA1 | 879dcf690e5bf1941b27cf13c8bcf72f8356c650 |
| SHA256 | c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f |
| SHA512 | fa583ba012a80d44e599285eb6a013baf41ffbe72ee8561fc89af0ec5543003ba4165bfe7b1ba79252a1b3b6e5626bf52dc712eacd107c0b093a5a2757284d73 |
memory/836-285-0x000000001DAD0000-0x000000001DADC000-memory.dmp
memory/836-286-0x000000001FCF0000-0x0000000020218000-memory.dmp
C:\Users\Admin\Downloads\Nl Hybrid Patcher 3.1\.reloc
| MD5 | baa7b2f29b759635ad3510e883d642f7 |
| SHA1 | 9e793b5bceb6f4986c3c2e59a7fbd6a0d4066a47 |
| SHA256 | bf1773562b61e5ca8660f10ff8908c98865f26b2ec90bd7cbf9ebbabc6d81c40 |
| SHA512 | 75b00feb9d3a669b9d8c2197b164d34eb7c6bbcd9e49a24d13ae9625b43130ad56688fd850c2710d27c8428f7a1dcdb6ef4c371f1d75e20e47476e3b4bf747f3 |
memory/836-288-0x000000001BD90000-0x000000001BDA0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data
| MD5 | 47d51beea86408c240b4251384386ab7 |
| SHA1 | 5b858e835e716717946d89d787f3a189ae9c426d |
| SHA256 | 28b7183dcf3ea002187959d15d308f01749257ac84d5265ebfd90f4745ceaf64 |
| SHA512 | e36ca1161a7a225caed4e30c886e95b8a8ec3ba4a73618048a93a6ba4341cac47f97ed103df6e6d33088da5517d1efd42f16386b0b1614dd5208e2d0756f0821 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal
| MD5 | ae7bcdd8f995606d632c31ba89e574f5 |
| SHA1 | 14ea1b0da231294405cbc69923497a5ade450e9e |
| SHA256 | d5548e197014b558ec166e62791e79890af95594817c02bd03478fbd63180467 |
| SHA512 | 1911f86ee7c312c4febc0501ca6af28413eeae6c887041c60d0049dd1f0e3efd92ab9a7af8d4385d62ec623decf455b441652975fc950fcc16f2e9dd3fee28c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c45451dacf1b15dddd2e9d912f1e431 |
| SHA1 | 84e782d085eb5f0564af1fa59aed7645b1e846be |
| SHA256 | 81e430a8f66c0a5c7590f4b0985970fc0d9e485756d649b533794512cf98f7a3 |
| SHA512 | 875e61abea42cb8197be1bd35f7165f96f7180b8843e52ba4595eee83979c83b40d35e4267602d87cf8488037f6fcdfcf5b282b2dd5a3cae3279af097f706c2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data-wal
| MD5 | e00b7199c63ba6f2edaedfc9ecafa76b |
| SHA1 | 61a71cf387876a877d91daf29c3ac385a94c7c48 |
| SHA256 | 308893c427ec8f39db2850e8068b94459164f5750fa4ceccda74948c1cabd488 |
| SHA512 | 24dfd263491285b1faec63d5ddb2b5fbaf3927aa696c2d17be278d5cc95981a78de0d16077c11ac9a1cde7d080a8a58f950ab2748abb60265f4035c85be66184 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing Cookies
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 507dddc5dd8676317b5325be435db6dc |
| SHA1 | 4ddf0c4f7438e9a652bf9462c27b575e4a90e8dc |
| SHA256 | e0434e4b5b4478afcc7a18cb4b69a466d5655b49bfd379ae1a2094675afcb267 |
| SHA512 | 24d10a922ef0cd57cc4e1985c189b4cffd929ce99b1ecd7036b68ac9e98ce4a056422b715f83a55d96453369c8bab97104e7d37ffacd1bc5555aeb328a88d4d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 81ca980ee547d29d28d9026521e4154b |
| SHA1 | e1c435edda0f9daaf17711346c591f6baa40948d |
| SHA256 | 71267e1d33d0882a3e7b644b85dafb02fa3a2fd2cc68fed3970e034f1c634493 |
| SHA512 | 088c2136a7c351c6abe11a3ce353e478b337d8bce97c5fca54a59e76641d3f377efaa466bdc134930b8a18f1e6777d7052c85a4378f071e3f05e87f1528a3554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\QuotaManager
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\247907d8-f716-4ba0-8d0a-b068bd31d461.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\8a99744c-71e1-48a0-ba05-385b3c7cd6a6.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\6bf822ab-9a75-4da3-a7ff-b2a9eaa897b9.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\1e134fc3-5c35-4a38-9771-1c48eb104b4e.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\d0ea743c-8e9c-423d-ad32-82c916c1709d.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\aec7a5d3-d348-4a57-9bf9-6f67bd0d28ab.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\9e6c2222-66ea-4e48-8574-ab301f107904.dmp
C:\Users\Admin\AppData\Local\Temp\tmpE9B2.tmp.dat
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\pending_pings\dc7c46bd-8833-4e47-ac00-4a57356c2718
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\extensions.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\pending_pings\4e45c1a2-8c01-4820-a6f6-f3a0c9adeaa5
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\pending_pings\bff6adf2-4d77-40b4-9ed1-3ab10ca66d1e
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\datareporting\glean\pending_pings\4d9deb3e-e228-4f33-89f4-fbebd7bd988e
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\key4.db
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\AlternateServices.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\FireFox Data\startupCache\webext.sc.lz4.tmp