Malware Analysis Report

2025-06-15 20:18

Sample ID 241222-16ccma1lgp
Target source_prepared.exe
SHA256 7aebd8303daca5d96c4704b8ec51d829ee0fe09f9e86838ddb6a8b2d29cca291
Tags
pyinstaller pysilon discovery evasion execution persistence upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7aebd8303daca5d96c4704b8ec51d829ee0fe09f9e86838ddb6a8b2d29cca291

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon discovery evasion execution persistence upx

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Drops file in Program Files directory

Detects Pyinstaller

Browser Information Discovery

Unsigned PE

Views/modifies file attributes

Kills process with taskkill

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-22 22:15

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-22 22:15

Reported

2024-12-22 22:33

Platform

win10ltsc2021-20241211-en

Max time kernel

1043s

Max time network

832s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A
N/A N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sgmaboy = "C:\\Users\\Admin\\azsumzarko\\PrudnahTeshko.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6601526c-9c12-41f3-a7d4-b3b020dd13ef.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241222221743.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3508 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 3508 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 3748 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3748 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3748 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3748 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3748 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3748 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3184 wrote to memory of 2216 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3184 wrote to memory of 2216 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3184 wrote to memory of 4008 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
PID 3184 wrote to memory of 4008 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
PID 3184 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3184 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4008 wrote to memory of 4752 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
PID 4008 wrote to memory of 4752 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
PID 4752 wrote to memory of 5024 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Windows\system32\cmd.exe
PID 4752 wrote to memory of 5024 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Windows\system32\cmd.exe
PID 4752 wrote to memory of 3996 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4752 wrote to memory of 3996 N/A C:\Users\Admin\azsumzarko\PrudnahTeshko.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1192 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1192 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1192 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1192 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x294 0xbc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\azsumzarko\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\azsumzarko\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\azsumzarko\PrudnahTeshko.exe

"PrudnahTeshko.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\azsumzarko\PrudnahTeshko.exe

"PrudnahTeshko.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\azsumzarko\""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnpublishOut.mhtml

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbd34a46f8,0x7ffbd34a4708,0x7ffbd34a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x16c,0x270,0x7ff6e4f75460,0x7ff6e4f75470,0x7ff6e4f75480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\UnprotectSubmit.xlsx"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {159fa456-1a39-4c92-8ece-eeb358242400} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8a1861-ae2f-4011-918b-98e7449dabc2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2576 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3040 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1fe1100-475a-4677-9420-87ba9e73fcbe} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4116 -childID 2 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9412fe1-0678-4ada-a26e-55bd57572888} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67133cc8-a14e-4e2b-b6c2-df57b9abce30} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5160 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {285a3daf-0dab-4ce9-b338-4000715c7b05} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff52097-29b5-4250-b490-69579879ca0f} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aaaed97-a401-40b7-acee-8f913ae5e722} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5824 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b77ad138-5db5-4f15-9f1d-7cca76e7fd09} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 7 -isForBrowser -prefsHandle 6360 -prefMapHandle 6356 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f035f97f-1a15-459d-a89c-f0f5d86c2efa} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6644 -childID 8 -isForBrowser -prefsHandle 4672 -prefMapHandle 4300 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8985f2-51c0-4193-b17b-a209bb4d4e19} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7044 -childID 9 -isForBrowser -prefsHandle 7012 -prefMapHandle 6992 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ebb6fb-3fc3-478e-9f85-df62ef8df548} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -childID 10 -isForBrowser -prefsHandle 7288 -prefMapHandle 7296 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79aebfa-16af-4a72-9b05-eacb7f0a5ccb} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6512 -childID 11 -isForBrowser -prefsHandle 7316 -prefMapHandle 7312 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9474a2ec-7394-4027-9924-1d31fc4ca077} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7664 -childID 12 -isForBrowser -prefsHandle 7656 -prefMapHandle 7652 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac0aebc-c688-42d1-8ae1-0537fe61bc1b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7796 -childID 13 -isForBrowser -prefsHandle 7784 -prefMapHandle 7780 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57177794-a7bc-44df-8706-113a72126de2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 14 -isForBrowser -prefsHandle 6444 -prefMapHandle 7776 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85f2c0fd-762c-4c36-a9d7-cc4b0e47a9b0} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7812 -childID 15 -isForBrowser -prefsHandle 6356 -prefMapHandle 5976 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cacb747e-0781-4591-a6fc-dde61c6bd982} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 234.78.72.3.in-addr.arpa udp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 95.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 104.18.26.193:443 htlb.casalemedia.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.227.252.103:443 rtb.openx.net udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 111.82.196.34.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 0e72c3fd38dda75b0d34599f8443a02f.safeframe.googlesyndication.com udp
US 54.204.6.47:443 jogger.zdbb.net tcp
US 8.8.8.8:53 jogger.zdbb.net udp
FR 142.250.179.66:443 ep1.adtrafficquality.google tcp
FR 216.58.214.65:443 0e72c3fd38dda75b0d34599f8443a02f.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
FR 216.58.214.65:443 pagead-googlehosted.l.google.com udp
FR 142.250.179.66:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.178.129:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.178.129:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 47.6.204.54.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 216.58.214.161:443 tpc.googlesyndication.com tcp
FR 216.58.214.161:443 tpc.googlesyndication.com tcp
FR 216.58.214.161:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 idx.liadm.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 18.210.235.203:443 idx.liadm.com tcp
US 8.8.8.8:53 idx.cph.liveintent.com udp
US 104.18.24.18:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 34.98.64.218:443 ookla-d.openx.net tcp
US 8.8.8.8:53 ookla-d.openx.net udp
GB 23.36.168.202:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 23.46.73.76:443 e8960.b.akamaiedge.net tcp
US 8.8.8.8:53 idx.cph.liveintent.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 34.98.64.218:443 ookla-d.openx.net udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 172.217.20.194:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 172.217.20.194:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 18.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 202.168.36.23.in-addr.arpa udp
US 8.8.8.8:53 76.73.46.23.in-addr.arpa udp
US 8.8.8.8:53 203.235.210.18.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 aa.agkn.com udp
DE 52.29.40.142:443 aa.agkn.com tcp
US 8.8.8.8:53 ActivationEdge-activation-1631408035.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 ActivationEdge-activation-1631408035.eu-central-1.elb.amazonaws.com udp
GB 95.87.111.74:8080 lon.host.speedtest.net tcp
US 8.8.8.8:53 lon.host.speedtest.net udp
US 8.8.8.8:53 stags.bluekai.com udp
US 8.8.8.8:53 142.40.29.52.in-addr.arpa udp
GB 95.87.111.74:8080 lon.host.speedtest.net tcp
GB 185.148.112.227:8080 londres.speedtest.angolacables.co.ao tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
US 8.8.8.8:53 lon.host.speedtest.net.prod.hosts.ooklaserver.net udp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 185.148.112.227:8080 londres.speedtest.angolacables.co.ao tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 lon.host.speedtest.net udp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.74:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www.speedtest.net udp
US 8.8.8.8:53 www.speedtest.net.cdn.cloudflare.net udp
US 104.17.147.22:443 www.speedtest.net tcp
US 8.8.8.8:53 22.147.17.104.in-addr.arpa udp
IE 108.128.122.18:443 zdbb.net tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 b.cdnst.net udp
US 151.101.2.219:443 b.cdnst.net tcp
US 8.8.8.8:53 dualstack.zd.map.fastly.net udp
IE 54.155.189.248:443 dtp-gateway-prod-global.dsp-plus-backend.aws.oath.cloud tcp
US 104.18.26.193:443 htlb.casalemedia.com udp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 35.227.252.103:443 rtb.openx.net udp
NL 185.89.210.141:443 ams3-ib.adnxs.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 fra1-ib.adnxs.com udp
US 8.8.8.8:53 fra1-ib.adnxs.com udp
FR 216.58.214.161:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI35082\python311.dll

MD5 87b5d21226d74f069b5ae8fb74743236
SHA1 153651a542db095d0f9088a97351b90d02b307ac
SHA256 3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194
SHA512 788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

memory/3748-1268-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\base_library.zip

MD5 2a138e2ee499d3ba2fc4afaef93b7caa
SHA1 508c733341845e94fce7c24b901fc683108df2a8
SHA256 130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c
SHA512 1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ctypes.pyd

MD5 e7ec734581f37a065e54b55515222897
SHA1 9205e3030ea43027cba202b4c968447927d3dc0d
SHA256 9e619adf436228c1c87e7909ca58575a02ef069d71045785b102e2a0f833b6a3
SHA512 281a16075a10ab4465ff1ab49c5639e982961b5029dc36f4b9657f32b9c29ff1bd39c2d6a3f793d7f93fd10802f5d1356bee9e54fa6eb67780a6275094e4fef3

C:\Users\Admin\AppData\Local\Temp\_MEI35082\python3.DLL

MD5 34e49bb1dfddf6037f0001d9aefe7d61
SHA1 a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512 edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

memory/3748-1276-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libffi-8.dll

MD5 77199701fe2d585080e44c70ea5aed4c
SHA1 34c8b0ce03a945351e30fb704a00d5257e2a6132
SHA256 4eb41bcf5e54017c4d8c6a7184f4633d9e6c10ca8f52ad21e3b752edd745d4ee
SHA512 d325f517a3eb831f3f5853c5471295244716a666507aa4e4b262e0842f1bfad0c9648a6711fbce514193e411cfcdbb9afe86764e740355cd06895dfcc623fe34

memory/3748-1278-0x00007FFBEB8B0000-0x00007FFBEB8BF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_bz2.pyd

MD5 c33370fc6631725aec3102b955b5e4bf
SHA1 0fce43642e54cd9db1eb48bbfd7661b8a4613e0d
SHA256 6c41a618b4dec812f5cd434375f33052daada9f49c6d472e82bdec27c407cfc5
SHA512 1de939ccb2b6349eaefcf12f37fb00b2b5dafff07930d52bfededcdfe6a234c0da75030596f544adfea09c786dc576fc5a88056ec614d2059a1a9e182925a021

memory/3748-1282-0x00007FFBE1E80000-0x00007FFBE1E99000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_lzma.pyd

MD5 49a6a6127ad0a70a2d60f193254ba710
SHA1 eb9f1f5a0b264d6c2c477562b9331a798b9a1909
SHA256 4ad51dac78f9192831ee9c6959ad3d67e0f66869bded3a91688b08c4ff2103f7
SHA512 e5064d0536361fd193b1855fcb4173cace51094d8c8827dfca893d49734200156847987124ded14d75aa0c61f1204cc00eaf4ee81d84406e17ad216bf17003ca

memory/3748-1284-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_uuid.pyd

MD5 4c8ffc5c3b8bb6e969e8c80a132a1cf7
SHA1 fef1d1a9b17571fb885aa7f224cc9473b0b9adfe
SHA256 b73fd8206c709f352dd26850d181a8ba8b14bad3b3494f61038f45044a3a2d85
SHA512 6eca26f968f124f0bac60dd2a184be56cee4f8e74e4fef20c5f3e920d50651f7772d49ed43d4024da6aed11b25be0018ccdb87506ac96e3346ce2d72c4cb223e

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_hashlib.pyd

MD5 d27d3f54914b9b3b4dbf947a216b0e11
SHA1 36a4905e2ca457f241d6f2fc61d11c2a7986e802
SHA256 ed5433134675839cf0ac3d55006e87c3e8b74bb622168d83fa7e00c9dec1b844
SHA512 e3bf3df3c0202eb19830985ae5e9f6d4d03bedbc0b8371dcefa6d08bf2ce47dce211957c9c36bee8c57889d29084a08ff3d3fe2cd643e3420ca0c030585adef9

memory/3748-1325-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libcrypto-1_1.dll

MD5 8e7025186c1c6f3f61198c027ff38627
SHA1 79c6f11358c38bda0c12ee1e3ab90a21f4651fa1
SHA256 f393f54886674e42bb7667087c92af67bd46e542c44ddff11c5061481261c90e
SHA512 4bbbf7d0a51aec361779d7735c6a91f1bdd468da0aaa3626c3cb52128c998d6454be8c473c8743172ffcea9dc66403a5a81ff5535d9baf87fa6ab990a35add41

memory/3748-1327-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_tkinter.pyd

MD5 a7d7c6f515f5b49b1204d1376f7621cc
SHA1 42000eee9d23ac678103ad3067edfccd5043219f
SHA256 3b816042f0c47279b39a2d04347e115404fffbb01de35134fd7db279f55296bc
SHA512 f54a3d79ac6a1f0bf88562c7cd004055d29f6bc05beb408e856fc5305f59f061b7a17556e008a549dd12aa9399c99e7fe2321cd5ec7324ab7ce3151b0454e9b8

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ssl.pyd

MD5 e77ee0cd7cab90dabbaea0f8abd7e1c8
SHA1 8b7f712eac536e9932c2bfde828624c34870e4d5
SHA256 c8359a4e0991f6604666004bac39b9c290195d64af47b263a85f663d89822b11
SHA512 4f0461b803d214e798be061829103fe20d12a14d88e365c186b3081b695138ae68b64083626431c9105d5609f36193fd8891f6e8968392b42709e6c198bd9c2f

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_sqlite3.pyd

MD5 0b71fb4c0dba8beca2b950b5d0df24e9
SHA1 af710f7604da0777b35fde62115214f029e0db26
SHA256 8ecf7eabe204218b672660e52b539040183cf346ca630ff3de552a22111ecb3d
SHA512 784ff22dd62b398378bba276b386280d7e0930bf5611a5ca7fcdf894c352be5aaeabec2f419092cfa17791f61b725f37b44bb6e861dba2e5322b87078952c660

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_socket.pyd

MD5 38c567e91d5bd0ea66f57528319e6487
SHA1 98029c6c35886b9ab94c5bbaa4fbb54de9f45dc2
SHA256 502212dbed204b73f8b18b9b13c0ea158c9dd2cfffae2d7cafedf7b042264fbb
SHA512 d2f03faf7faaa1b82dd14130a85b203e86de96777209d47ec459c5a1efbbbd0ac6754d53ff9618744ad57c3b800b6fa6f8850c716dacce3828264eef265543b0

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_queue.pyd

MD5 3b901ff0137dc2460d2f90b0a43a9482
SHA1 bd89b85b8ca525b9370fc105b5009e45ab95131a
SHA256 9982fad71df27eaeaac9521e25a300dfe5810aa723fafd56667b09a9bef26594
SHA512 c1fa7d0b4af3421f288cb2773fa35bbe6efe86160de48787da998f155f6880df535f075bbec531a5c5a9c210c239d4e926d86b486bc68f41a7e1ef97ac095dcd

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_overlapped.pyd

MD5 96d75944d280f39eb0f8e435511f3222
SHA1 0d74eefaf62c80c969bfe2f5e32fc269073527f3
SHA256 bfac2d1b1c5b948f6cd70de2e2edbe85f535ace879dbbaa04a71065ea11ef280
SHA512 724be702596604d173a542526b2049f268f611c204f03ef642ccf5e946441973704dca6e601bc5fd6dc3cc9a35b8cfd392571fe3228c59e277259097f53b2bf3

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd

MD5 b5979368da73ffe9213dd49c0e5d6270
SHA1 5cf6ab2e801899cde24f3b356f8c1bff9d935528
SHA256 020602164b9891cb1c304d9f70dd8083c7e1a9a42caa9cfd67a5bbc0728029b9
SHA512 191823e56c4a3ea8bd211745111861d140899263ebed9b1988d2be37e1ba073195b55548266d6c536793edf49ef82b19064be96992b7bea9171424e789c83352

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_elementtree.pyd

MD5 dda8f0cc660c5e8170e37f37394f53ad
SHA1 6fea7006e44d0ee320499034e61f0cd99247abda
SHA256 58fc4868d87f7e05a387fb39646110307b993757b3e23e52d4489e7cea653dcc
SHA512 13cda3936c3b7eace74aed66282a13aa3d63e9da9b761a7fc8d6d0f215b61fc44ef4c4d60bbb0cb8d52689ed1ac05993965f5498da41ee95d6299d4f9a4bf4f5

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_decimal.pyd

MD5 c21d61753b2a62fe70311aaa50e75a64
SHA1 39cc382ae3fbcb6b80974ece0e020cdcbec8f57a
SHA256 0ef0b881c15d88a443a1bfc898d0011dab50500ee4a86e0f35c3076ed70cce49
SHA512 059c7c7f35c939ab615b4dc1d3e9da69a66b0ed4a30931115971898c63f24ff960bb544f2ff9db7ce990c36a4d1e6307864d0f1ec5fbf354983473268c9500e4

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_cffi_backend.cp311-win_amd64.pyd

MD5 c4a0ceacd79d2c06956d24bf1c028a35
SHA1 1dfc5c777435a46a69c984411d4dfb717b47c537
SHA256 1ec4cd20853191e91e36556c6fe1a8bb14d162ee9904acc897cd8f694089f0e7
SHA512 da57381043a500a5bc826215d9c253e22139dd3e9e28a870b03d2d7d486aa8eb1a78a45ba45ee9c86b3a9bb264f20a9a776e5e3ab1e921ea6d0747275410746d

C:\Users\Admin\AppData\Local\Temp\_MEI35082\_asyncio.pyd

MD5 e6307d02076151c6fc9b78b1f346068f
SHA1 336cb5b3fc88ff4d9cc021f858ff33b0eb96c881
SHA256 fdb2a227d646b420de9877bb569b96369b6175e322f6ef81bc3f372eed08c10b
SHA512 7a22e2c293a067502a0d1e4ccc9fcb81dd7bd7faf56a1fd4a6cebc56c5ce4e8bf6c7157e19fe779ed70722d559da61ab5ca1f9b1e1b3df8a2b83728fbac2564c

C:\Users\Admin\AppData\Local\Temp\_MEI35082\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140_1.dll

MD5 75e78e4bf561031d39f86143753400ff
SHA1 324c2a99e39f8992459495182677e91656a05206
SHA256 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e
SHA512 ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

C:\Users\Admin\AppData\Local\Temp\_MEI35082\unicodedata.pyd

MD5 5c05df2afd90a54d6378ff869d774b33
SHA1 38e2d685cd131ef1fff235ed180016c083bf2965
SHA256 0f631b1f12c8b0aded13ee5a50ff11eb2bcf9c47b535270a8a88fdfee4709ac6
SHA512 7d4712cdf0d27f66f33070ec4d1b4e6c51d3857edf01c4db94ce71eb8ed5b7780f5e3e05593e53d1dd51bc00d14dacdb234f02d391569b5e7ec136c00c10b145

C:\Users\Admin\AppData\Local\Temp\_MEI35082\tk86t.dll

MD5 7d85f7480f2d8389f562723090be1370
SHA1 edfa05dc669a8486977e983173ec61cc5097bbb0
SHA256 aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5
SHA512 a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

C:\Users\Admin\AppData\Local\Temp\_MEI35082\tcl86t.dll

MD5 755bec8838059147b46f8e297d05fba2
SHA1 9ff0665cddcf1eb7ff8de015b10cc9fcceb49753
SHA256 744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130
SHA512 e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

C:\Users\Admin\AppData\Local\Temp\_MEI35082\sqlite3.dll

MD5 aa2a7bd0e84498719405008b996a38ec
SHA1 0cb0962b02324067a715559c64fcbe3c1e798d03
SHA256 cacbebf5a19a14d3aaf59fd71a79ed38638c61f80994a292f16193d52d91832a
SHA512 d39f093eb5ad7ed489e10f6db405eaf0d0844a5e3eed1deff4202f1cf316293535e46d87d5aff1d210bacf53a65a08c397eacc919787da8133614951d77d85e6

C:\Users\Admin\AppData\Local\Temp\_MEI35082\select.pyd

MD5 5159aab3342e8e811454849c5543d0fe
SHA1 992b1aa55aa3a9ddc12857ec576c3d85ba5176d8
SHA256 2051c44e5704b8800145905058425b9fd829c1be6106ef632ef78fd574f513c1
SHA512 36437f1f4b6431c35074c13f9c791be5e041a8c4861878c254115398f5f3249afef1548a554eb7b06fc9de5271d6a98a0c026b951fa04ad312aa3f56b20774d0

C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI35082\pyexpat.pyd

MD5 a655fa42e31e30cf60f452b70c01a1a4
SHA1 e38b435347a65d39dd2ff8518b75070e6038fb47
SHA256 83feb05e74d002110bf8d032c3ad2ffb636ae0ba4300e1ba84ce4add8f0554ec
SHA512 e54b38011ea94565ddf88120b8a3718b9cfcb79ca4b4900da1f9338b59795162534dbd2d5bfd67a81d9a29a6675ffdb2dc8772f583ee5bf2de547136334c8831

C:\Users\Admin\AppData\Local\Temp\_MEI35082\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libssl-1_1.dll

MD5 0bfdc638fbe4135514de3aebf59fa410
SHA1 963addfdadf918339dfcab33e07bb6c48c86099e
SHA256 77affb7e88ab70fa04e382e29bf04a94ddf36c5cbd88b29ff33e15912d83ed01
SHA512 768abcc391eea4a3b34b0aade99932cd9befb922dcf9e720edf4c4719938214236e8668eca67026bd07567fbd10bbba98d63f47d63a81c7be1adce3bdd1973e4

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI35082\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI35082\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

memory/3748-1333-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35082\charset_normalizer\md.cp311-win_amd64.pyd

MD5 ecfbd9b49ae51f8e3374e17aff3aec1e
SHA1 3e66e0f757d0f18afd546d158a96fd1707b35a5f
SHA256 1237b21174cd4aee97aa4d80ee953dd4ce91b2e1beb4788a55cb25a0213521aa
SHA512 9c9f682b55a589f1c10c99b89cc2620ce3d89d96c17096feb7e0ddfd6ac2f2b279885084b131080a57a6a324a9bce928e618348545c2b0af06c0ec4c267362c8

memory/3748-1355-0x00007FFBD8F70000-0x00007FFBD8F7C000-memory.dmp

memory/3748-1359-0x00007FFBE1250000-0x00007FFBE125C000-memory.dmp

memory/3748-1358-0x00007FFBE6770000-0x00007FFBE677D000-memory.dmp

memory/3748-1357-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

memory/3748-1356-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp

memory/3748-1354-0x00007FFBD8F80000-0x00007FFBD8F8B000-memory.dmp

memory/3748-1353-0x00007FFBD8F90000-0x00007FFBD8F9B000-memory.dmp

memory/3748-1352-0x00007FFBD95E0000-0x00007FFBD95EC000-memory.dmp

memory/3748-1351-0x00007FFBDB5F0000-0x00007FFBDB5FE000-memory.dmp

memory/3748-1350-0x00007FFBDDAF0000-0x00007FFBDDAFD000-memory.dmp

memory/3748-1349-0x00007FFBE05B0000-0x00007FFBE05BC000-memory.dmp

memory/3748-1348-0x00007FFBE05C0000-0x00007FFBE05CB000-memory.dmp

memory/3748-1347-0x00007FFBE1260000-0x00007FFBE126B000-memory.dmp

memory/3748-1346-0x00007FFBE1370000-0x00007FFBE137C000-memory.dmp

memory/3748-1345-0x00007FFBE1640000-0x00007FFBE164B000-memory.dmp

memory/3748-1344-0x00007FFBE1A30000-0x00007FFBE1A3B000-memory.dmp

memory/3748-1343-0x00007FFBD8FA0000-0x00007FFBD8FD7000-memory.dmp

memory/3748-1342-0x00007FFBD2460000-0x00007FFBD257C000-memory.dmp

memory/3748-1341-0x00007FFBDDB00000-0x00007FFBDDB27000-memory.dmp

memory/3748-1340-0x00007FFBE1BA0000-0x00007FFBE1BAB000-memory.dmp

memory/3748-1339-0x00007FFBD35D0000-0x00007FFBD3688000-memory.dmp

memory/3748-1335-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

memory/3748-1331-0x00007FFBE7020000-0x00007FFBE702D000-memory.dmp

memory/3748-1329-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

memory/3748-1364-0x00007FFBD3560000-0x00007FFBD3572000-memory.dmp

memory/3748-1363-0x00007FFBD3580000-0x00007FFBD3595000-memory.dmp

memory/3748-1362-0x00007FFBD35A0000-0x00007FFBD35AC000-memory.dmp

memory/3748-1361-0x00007FFBD35B0000-0x00007FFBD35C2000-memory.dmp

memory/3748-1360-0x00007FFBD8A10000-0x00007FFBD8A1D000-memory.dmp

memory/3748-1370-0x00007FFBD34F0000-0x00007FFBD350B000-memory.dmp

memory/3748-1369-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

memory/3748-1368-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

memory/3748-1367-0x00007FFBD3510000-0x00007FFBD3532000-memory.dmp

memory/3748-1366-0x00007FFBD3540000-0x00007FFBD3554000-memory.dmp

memory/3748-1365-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

memory/3748-1372-0x00007FFBD34C0000-0x00007FFBD34D9000-memory.dmp

memory/3748-1371-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

memory/3748-1373-0x00007FFBD1DE0000-0x00007FFBD1E2D000-memory.dmp

memory/3748-1375-0x00007FFBD1DC0000-0x00007FFBD1DD1000-memory.dmp

memory/3748-1374-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

memory/3748-1376-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp

memory/3748-1379-0x00007FFBD1C70000-0x00007FFBD1C8E000-memory.dmp

memory/3748-1378-0x00007FFBD1C90000-0x00007FFBD1C9A000-memory.dmp

memory/3748-1377-0x00007FFBD1D80000-0x00007FFBD1DB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oxeyuvkw.3ao.ps1

C:\Users\Admin\AppData\Local\Temp\_MEI40082\cryptography-44.0.0.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

C:\Users\Admin\Desktop\F97A5E00

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\bf15f234-e552-4240-b3fa-cdfec069cb28

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\abdb42b4-ecd1-4a6f-bdf4-76ab5b9b6cde

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\8cb432d6-4f3d-4eb7-b62a-6f6834db1610

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\activity-stream.discovery_stream.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\F2429E488C0501B11AE94E0CC664752BF083117A

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\doomed\11861

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\7D3068195A30D049CC263CE0A0641E65E92E39CF

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\B3E209C0A977414244AD29090033C0BF9F4E8BA3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\2FAC8294461765A1D81BB47B466686C6D67287C3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JL83CFABEKBAKS9LIY06.temp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\bookmarkbackups\bookmarks-2024-12-22_11_lyxg1hw4T5jXURaRXgX5wQ==.jsonlz4
