Malware Analysis Report

2025-08-10 20:48

Sample ID 250502-gkxxna1ns2
Target Microsoft HID-Class Device Driver 5.1.2600.2180.zip
SHA256 78892c2b319f23e6bb542db0ad74c7133fb698cd1069b8d3c1c596692a697dce
Tags: pyinstaller, discovery, persistence, ransomware
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

78892c2b319f23e6bb542db0ad74c7133fb698cd1069b8d3c1c596692a697dce

Threat Level: Shows suspicious behavior

The file Microsoft HID-Class Device Driver 5.1.2600.2180.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller discovery persistence ransomware

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Looks up external IP address via web service

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Detects Pyinstaller

Unsigned PE

Browser Information Discovery

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-02 05:52

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-02 05:52

Reported

2025-05-02 06:03

Platform

win11-20250410-en

Max time kernel

569s

Max time network

578s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000\Software\Microsoft\Windows\CurrentVersion\Run\WebcamOptimizer = "\"C:\\Users\\Admin\\AppData\\Roaming\\WebcamOptimizer\\WebcamOptimizer.exe\"" C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000\Software\Microsoft\Windows\CurrentVersion\Run\WebcamOptimizer = "\"C:\\Users\\Admin\\AppData\\Roaming\\WebcamOptimizer\\WebcamOptimizer.exe\"" C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Public\desktop.ini C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Program Files\Mozilla Firefox\firefox.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\coreglobconfig.dll C:\Windows\system32\cmd.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\WebcamOptimizer\\assets\\Screenshot_2025-04-30_230903.png" C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe N/A

Drops file in Windows directory


Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "142" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906390868559681" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2627618461-2240074273-3604016983-1000\{1A6270D4-501C-4DB0-B984-3D7589E98B82} C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2627618461-2240074273-3604016983-1000\{A3E11D34-1C4E-4A6B-ABED-6F5A89F124E1} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\shutdown.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4084 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe
PID 6052 wrote to memory of 2968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe
PID 2968 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe
PID 3028 wrote to memory of 2324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 3856 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2324 wrote to memory of 2792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\Micro Innovations USB Input Device Driver v3.42.118 - MIUInput.sys\MIUInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe"

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\WebcamOptimizer.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1968 -prefsLen 27097 -prefMapHandle 1972 -prefMapSize 270279 -ipcHandle 2044 -initialChannelId {d7571061-fe98-474b-89cc-e7b522d35ca1} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2392 -prefsLen 27133 -prefMapHandle 2396 -prefMapSize 270279 -ipcHandle 2404 -initialChannelId {246ed206-f3d0-4a94-acb7-164612e7b778} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3796 -prefsLen 27274 -prefMapHandle 3800 -prefMapSize 270279 -jsInitHandle 3804 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3812 -initialChannelId {a514e9de-db5b-40ca-981f-d001af233c1e} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3964 -prefsLen 27274 -prefMapHandle 3968 -prefMapSize 270279 -ipcHandle 4056 -initialChannelId {f8aa9677-b6f0-4e6c-a52e-42994d04eb89} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2928 -prefsLen 34773 -prefMapHandle 3132 -prefMapSize 270279 -jsInitHandle 3136 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2816 -initialChannelId {d6a57c58-a831-4959-9e27-daf526bb6e4c} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5020 -prefsLen 35010 -prefMapHandle 2984 -prefMapSize 270279 -ipcHandle 5044 -initialChannelId {be3c9b32-3266-48ad-b094-59de8f5c5683} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2568 -prefsLen 32952 -prefMapHandle 5564 -prefMapSize 270279 -jsInitHandle 3308 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5584 -initialChannelId {eb37e983-4290-4aca-a539-3c21f99dc9ae} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5752 -prefsLen 32952 -prefMapHandle 5756 -prefMapSize 270279 -jsInitHandle 5760 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5768 -initialChannelId {4fe7e87c-57bb-4342-a041-22a1c07b049f} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5940 -prefsLen 32952 -prefMapHandle 5944 -prefMapSize 270279 -jsInitHandle 5948 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5956 -initialChannelId {ff9019f1-dbbd-4673-94e3-60949365cc94} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" zri.info

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2dc,0x2f0,0x7ffb1ce5f208,0x7ffb1ce5f214,0x7ffb1ce5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2076,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2436,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4844,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3696,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4304,i,2317577700407167718,15594300824992119484,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x2f4,0x7ffb1ce5f208,0x7ffb1ce5f214,0x7ffb1ce5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4344,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4344,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4536,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4732,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=572,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4976,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=752,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4936,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:14

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3712,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4032,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:14

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del /f /s /q C:\Windows\System32\*"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3876,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:14

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "Add-Type -AssemblyName System.Windows.Forms; for ($i=0; $i -lt 100; $i++) { [System.Windows.Forms.SendKeys]::SendWait("^{ALT}{PRTSC}"); Start-Sleep -Milliseconds 200 }"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5152,i,9422087024301375842,10376777897142471487,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:14

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "shutdown /s /t 30"

C:\Windows\system32\shutdown.exe

shutdown /s /t 30

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 1 -prefsHandle 11936 -prefsLen 40117 -prefMapHandle 4816 -prefMapSize 270279 -ipcHandle 5556 -initialChannelId {f590ee63-63cb-44b1-a866-0550a8037730} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9056 -prefsLen 36932 -prefMapHandle 8096 -prefMapSize 270279 -jsInitHandle 8104 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8500 -initialChannelId {17636096-b5a4-4061-bc7f-c4afc17e0780} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10048 -prefsLen 36932 -prefMapHandle 9956 -prefMapSize 270279 -jsInitHandle 10084 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10092 -initialChannelId {2ac9eca9-f565-46a5-bc7b-39fe4f4a2e55} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13520 -prefsLen 36932 -prefMapHandle 13524 -prefMapSize 270279 -jsInitHandle 13660 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9468 -initialChannelId {e6514c7f-7dec-4ea5-901e-e570ab4efa70} -parentPid 2324 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2324" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3993855 /state1:0x41c64e6d

Network


Files


C:\Users\Admin\AppData\Local\Temp\_MEI29682\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 d04d4dd746fac339d662de0bd01e3612
SHA1 936660a9544f7879092c1154cb8fdf8fb03907e8
SHA256 f8f6436d595719ced88ddaf3d091c7c1a7f09bcbbdf6aa0c8dc72a6a88f2801d
SHA512 12cb23841a8268f1da899484751309de750f5537cd1bd65f27fbc1c0f16246df903bd1303d22ee5565f72e4fcefeba72bcfdd74dcf0307c66c39f4d2dc1a8dc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\ce8e8acc-6aa7-4788-a882-5a38c25e845f

MD5 1778f16bddaebcab6f3a9d32c099fedb
SHA1 04f5f2aa0a03e8a18df4b3eb43a112fad3412431
SHA256 c4e05262130dff87a6a70097d3cde0277cdd19b9d7b00cd0949fad1029e06c1c
SHA512 85bd63303981f56ba973f5ee2a2714b5b2fee62cacb8337f9cc001544ae81b3112ea925292edc1b47b1be22102826cccc9120fca065e716ad6031eb7c2852aa2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\21fnvccy.default-release\activity-stream.discovery_stream.json

MD5 d74beeb6a5c61aeeb688256f3cb69710
SHA1 8e060b35a658e9350aa404b0eac6cbef29c0a5e6
SHA256 4cf9d852da3a51cfc7da405ad2816c8d3e0b32bc00e6db730543a5e3472e1ef4
SHA512 c823c01cdf5916adec48da99120bc016e8257c7cdbb1c1d4399ba73eee4e176756ddd1ed4220d4eb7dafadb0d1e15970ab7ce867c903c21e4856e3527f47c31e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 dd4d3ff80eceb9af768e8e714af29fa3
SHA1 bf16de1452aee14cfc37a1f1d03e8c6b874329fb
SHA256 772df6b83081bbcf4df6450809c6084d75e1c80d298f4ff740307cc10de5930e
SHA512 679931fb4a8fc58ce164917b682af2d885612e2d57a757938787af2459205222e328c26185acbae57f62bca3449e0eecfca8324e236ad8a21c3b36875104b29f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\bc37cf76-2adc-4488-8ad2-9d925f037e1a

MD5 34d88a6d3eeb77a72eec784adcd7302f
SHA1 f9df8ed0401fb75a2ba33d9cdf9b754e198007d1
SHA256 2252d90a7f73c65162e2fa8b0b775bda73280c0819322aa3a9c7ae34c3b2f2d5
SHA512 652ef5faafbbd77615bab24883cba76cc84d6446155f96f334687703923e38494d29a9ad3c20e8df50d8ede0097e9b159ab675bbc7ba70e0f4fce7d1f320b967

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\8f2b645b-b236-423e-9667-7707215f8cd6

MD5 90097335fb9804c837b0ca9736e58b66
SHA1 c76fec0ab9017cae98245e891671049ea879b06e
SHA256 af8b8f0728a92561f1190d8a5167a9ca9862a70afb28129d835d0f8bd379eb45
SHA512 f5f456f54f19a7d0bf792905731c91e080d1894002d8a0d6001ca4d0c161b7aa1931db0f6cac6abfa2ea13ef28b58ea56b38590243ce6ab4e13be0a4a8048586

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\8b42cdfc-fe3b-4882-b94c-fae89ef762ba

MD5 b1f39fcc31cb29a1aeadce38da28243d
SHA1 2e01f4a95387be4caccdaf0e044322c085a657f7
SHA256 1224557f0c6855e625d695074d3d13898d1e021cce62e7a84de729ad0244d099
SHA512 c0be24a21b05a29e46d169a72f190e61e0242f865492b342d4acb9c850209467453a9a12235f37b95e1cce36baff61992f8d9ceb83299c7fd2e242ceef7b8ec5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\3de333ae-c872-4cbd-ba85-e14afdcc61d6

MD5 3b61bdcdb06c4d02132f5068f064f91c
SHA1 b5787f0a1b113de66f568102baeb70bc0f299d64
SHA256 a29cf7c394e28a41d8c1cbeaccc4d3ecad000e61d6a23456f78515ec88c73421
SHA512 8871b92ef4a0b74e91dac2e52deb4574a7a14f7ebe446a8dfa16fd1dd9dbf74f9d8889538259bfac69324ebe25344c07839dc1efb68666e426dfe6efd9dd962f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\257c69c0-16fb-4910-b17d-c994ceff4d11

MD5 658d6d18de7b905145bbfe3c9beffa2a
SHA1 3cbe4be3f50ac0105ce4085eb86f7b889b25303f
SHA256 ead69afa40f99ef0fd65bdaddb319bef3c5c189f926976da6016900fbf9855ac
SHA512 e144c21bc9d215ed7180f63f679fbc5a3f4f2bb1d856333bc7e64a4f3429ba7d6519d66892af2be73d47884302bb688383112d1c5d2226252aa73813ffcae91a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\events\events

MD5 9f22fee6520e8af124b44daefb6edd0e
SHA1 631057d0da08a28511b3ecf672d1cb6509b0f6ae
SHA256 907cc1c757766fe9ac936deac69df7a198d9a9fd2dee18c5439121469e24beb7
SHA512 63c1e5a5da23aa96fd3073e90a421b5f1a7201346b205a9195479225cbc6569adda9fc7c997acd1d9d465a33103356a92eb72d8ba6b86ac64b37d9812e79a93d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 0e4878b8fd7b40b484526f03ee0ca560
SHA1 5733c3e25f0aa7bfb35c02dea58c8f151ff47314
SHA256 1e6fe8b71f16652cac8dbb5eda79a99d378df90f98b2f5afdb407d74a77eebf5
SHA512 642adc4579442b0c6bc80e2fb46cce7b88dadddfe31a0f799f0f1ca8b2025b87bfbde48897e4b1ed3df60c9e2ed4b0c07a00b00a60d4646d17a9cd95bc26d814

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs.js

MD5 d8d91fa1dfc6faa39161e93d322e680a
SHA1 7f8997752be4bf1221ed287e763cd6deed1a6948
SHA256 44d68dc815ffff73840dd61c8fe0a658cd40f1accab698bb621aede3c891c2a4
SHA512 dd6b045fd7aab9451eca8935f90f2260dbdfe8a8320d15fa270544f4d5c7095fc36fb3e84e859f357000f2a5ce0a9436e7a61d67e08759d3bf8f4db3b1972205

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs.js

MD5 7988ac0c37f01487c16b59bc4dbd182e
SHA1 458901717e02617593cc1b9a39992d308bce47f0
SHA256 ac108b0feb0c80ef5c3ce7e973cc0714b8ecd3657f1a6ee508c030c72a92ddb4
SHA512 a6edd65fa60ef9b7c26177079e69bd21b9ad336ea5812a20bf2a4f07419e3480319d3824bf56082bd106a2434bee33e8c8f6b18640609fc1ed74ec327a64f1b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\sessionstore-backups\recovery.jsonlz4

MD5 09a756e6e19b3a77f7199e62dfab0c22
SHA1 e4ad83029357874d3886d63f671a305e3415b0dc
SHA256 62179f2ef6a35ab3205fac2a03ed04e130214a820a7ceff6f0505058009146a4
SHA512 cb2d833eafb4fb08f9d3fce5b246ce1935a4b60331a30379bf3a76153e98a8d03103a689f4e6041334dc565c54bab983134a585aca065476d1dbd4232b35e1ca

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 e690f995973164fe425f76589b1be2d9
SHA1 e947c4dad203aab37a003194dddc7980c74fa712
SHA256 87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171
SHA512 77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

MD5 ae29912407dfadf0d683982d4fb57293
SHA1 0542053f5a6ce07dc206f69230109be4a5e25775
SHA256 fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6
SHA512 6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

MD5 626073e8dcf656ac4130e3283c51cbba
SHA1 7e3197e5792e34a67bfef9727ce1dd7dc151284c
SHA256 37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651
SHA512 eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\AlternateServices.bin

MD5 9ec1bfecdc355b409834cd5e4492ee65
SHA1 9198159be0b602edd68c5cd6ffc8c28b0b4bb35a
SHA256 95584dd2adf75033c3f92fd48e96151c4e80ccef7b5d279d974582c91e89b415
SHA512 10f2927c1d764fe95d2b4de2faf6e3933075656783adb4494705abc15aaaa8e9114683fba24e436e292d2f0656c9069e85afb08a4a30a03a9b8d11c3dab19309

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs-1.js

MD5 d09e1a66e5831f1df27ebfc141d2eed3
SHA1 8ab03c0529253e1f7a283d4bd82ece169a0658e0
SHA256 950160916ecf966e15d800e626b019e9c36042e482245338e919d3158235ed64
SHA512 00cefb74cc641d9575ae05d2c8bcdc781ac4bf921d6b447e4f3c66e3d522c6c298acdf565cf2819d237abd8c84a0d586d0cbff7d6be2359e23baa5c8a5909506

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\21fnvccy.default-release\cache2\entries\73EC3764FB3BA737E60C1F3545992FF513570DA7

MD5 e21f1e7ded54c82e6a614de3bcac56c0
SHA1 5e9629b50e002c440333fff685b5109c9bc97cf1
SHA256 75ef6e2476c92b40ec0f8cb78246fad17d3d439c0eb1af9372b7ba316869945a
SHA512 d70be9ccfebb9b9daf3484e42af83b53ccb20c7f4302344ac8b984246c95789f4f4a79174e0f020ca9c17881c5300bc2eb1505bd8a9524b3c61d521d9ca126e3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 bcceccab13375513a6e8ab48e7b63496
SHA1 63d8a68cf562424d3fc3be1297d83f8247e24142
SHA256 a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9
SHA512 d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

MD5 32aeacedce82bafbcba8d1ade9e88d5a
SHA1 a9b4858d2ae0b6595705634fd024f7e076426a24
SHA256 4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce
SHA512 67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

MD5 1b32d1ec35a7ead1671efc0782b7edf0
SHA1 8e3274b9f2938ff2252ed74779dd6322c601a0c8
SHA256 3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648
SHA512 ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

C:\Users\Admin\AppData\Local\Temp\19665d5c-f8fd-465e-b679-2345b53724ee.zip

MD5 055e2e8bb57abdd27d5a1659bb194334
SHA1 907dfaf13a61b75b061a9b54c0ef63634ae8025d
SHA256 9c763deb27b8082f777e2dfa60809e91b5a9a9354c05ffdffd5e02bdb7a8d136
SHA512 a52d75b52125e35c34a25b9f4e33edafca29a2c1b1b8e34d53a041994f33512f12005506738b7489b48380c2875d7efd03cfede13cf00887b6430bee1e55a6a3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 25e8156b7f7ca8dad999ee2b93a32b71
SHA1 db587e9e9559b433cee57435cb97a83963659430
SHA256 ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986
SHA512 1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\extensions.json

MD5 fa8a465e4131126f54d335b982e4a869
SHA1 c3c77cab975bee2b7ab55c1999b245546c58bf29
SHA256 33cbb8adb95f6d73ba37de4be1bfdda0f0e1145523d38af20d9204d1071c880a
SHA512 1c776ec073ad2c902f6309e0e1a4fa878de7cadc8deb8f44dd6ea0787609e53dab993d33829bf2f52219b27067ea057ec12385bef8d8debfbcbcd58c014fe065

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs.js

MD5 eb9ee10045d0d8b8a5a56e82218ce46c
SHA1 f33819e566d5cc24a188f1a262fb2b5cac6c9519
SHA256 9c04bb5ca8a2b760e8ca33479b2776cc661292582f02456282419bb43d64153d
SHA512 a08da2b33494a0abd5736314883ad4f87c509bd507834d88ac6c01262549b024643154057e31a2bcc32dbef4de9ee526137b6ef0828ff3d01d167effb1fce28c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 db48c7771f45323f485da21fac252163
SHA1 e3c6d6aa6acb89c910717c65f12c783682aff2d9
SHA256 3a4fe885ac4e51ba3feffc1c3bac3e9e491d7d3859a78fba5f12d9e52f1754ef
SHA512 7b0d9b287fb66cec0332335f01b838b45012627a67e67ec99914212c46c9c33d32299336a77ce40d015ba6186159ff8838773143895d72175d3fa7ea9c9a014d

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\assets\assets.json

MD5 b86afd9e4a7ba1540c29e4c7440df7a3
SHA1 b048d7d413ec649cf720b281650d01a0acecbf02
SHA256 3426bdd182944c0c4e9fcb940dbb235f5e5135d67e0e78c29c7b906f7709e230
SHA512 6752e3ce6689eec12a9aadeb84291dc0ff5e545a91fb824e1b42bf1f5821d112686a41e69581d96859be0cb451bf95a49c5e94ee9a0ab6c196a1aa554736f018

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 1b8eb1aa8f1e013574cd966c4c62cbe7
SHA1 62d640387c07dc739ff56c276c5de1bcf6b31c7e
SHA256 72fde76d92a33c91a8697176232e1d2f602e6164fa3ff32101127c13c43e0999
SHA512 5665cff3187181e67d05b461f9b6a628514ba045c2150206136a57b613d9135cb1928221d36259e3298b297c14714975afe8d56738c3961580989cadb153dfbd

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 a73562ca719b0ad9ba4a2d5b5dd8a2c8
SHA1 65555a548b1e0d18cca0898087ac28785ee07545
SHA256 b1a44bb270f82cfb6af80ab60f60c2063628d0f93c95aa3d0a06d361df549e39
SHA512 6152b12e3fbc3c38fb17e4c6c9ad112f48f90b45879a9f7cbd6c83888a0d64f2f077a7bb78fe25b355e3751a935b72bab7f3322b20557868877c6923634df153

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74e6355f805feed11841c844da55a09d
SHA1 2eb5958b6b1c7e83bb77ff3919e826ad37880d35
SHA256 1b3ab595bcbac31f97e7632a85c9d7126175ec9d2c19645cb1001cbe0d576caa
SHA512 14f0c0d1b3017773cc2ed89763f6727a3708c1452e00fc350ac6fac9b661920184dc7457d9923f25281849466965b30bfc095248f319dedf06ec797f51fdeb75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0c45ee0655e29b0a935a305e66bba8cf
SHA1 ad52868d94ba826e1f0b9db56d8fb7ff1c8fff2e
SHA256 d23f3010a3dd3688741250e254dd07d508883c099e1911c3e7d0854be85ca599
SHA512 479b8d020e5f818a452c050f27488928faed74c6d329ab58befc860f5bf76878efcdd03bd0eb7b83f22afb4e74aa40c7a0d6bb29677cb4cc03ff4dbd2687bb2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b77bd.TMP

MD5 02e481e215ef479f2be600ee5f4a18f2
SHA1 f742cb68dbcdd8cb59c7fd3c694e3e1937507b13
SHA256 6d15a74be670fc77c43373ff6781b3e42998c15c13d5b1519f8c9678c824d783
SHA512 f57b4d33d4db464c2e4bc5ff6b00ec74bc087380dcb0e8d7bd1dcfe1400199d24c883ef255d41eedddb0caa8e342272c167754c8969c65ca56979bccf00a9c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 a07b78ba0da41e1884ad26b03627dab3
SHA1 935edc0447e1df05c3790fabe9cbaecd219fdbcc
SHA256 76e47155809d5132a23bf9a6d77f5f80dd56854850fefe0ee5db400086464c36
SHA512 dbe83da079e956380a13416e202118efe1a5a9f9e9de5e317b0275ad09cbf3f5b489b9a049300208a0c403657c8d69083d8c2b721dfe63369307d1888bcb7cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca674321b901d7633360bc95b53dcf6a
SHA1 68604d2eef648ad874624734df7af99023d14f97
SHA256 0005c0e4bc8ecec765f8148fd8e790071900cb49a583e01ac96fd457f4ed520b
SHA512 269372ea6d56875991477171fb06223ed014afc886eebdf75767074e0b957ed5ecdfe1e802489a079c0eb98953b45ca1bcbb99ce7f1bdf69e55223e1e2b1fdec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 86ca5ee1bdcf2bde859e42222d411a3b
SHA1 ac0b5a3fb9531d7c2f2c35291ac3505476e707a8
SHA256 878707fea7436fba1080849f291c523ceec32805ef8667bde5a954396effab95
SHA512 a6565d4b406116cfb1b76fd598cbe5a28f3cfe7fc4471ea1228ea40be0185a0f8696fcee863d5cc5a7b201f56235892fba995cfe59e5a0fb36d2b266dbc2162f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 b786092a59367245f757d8c4ef8df07a
SHA1 d0c4caa24ffb503283efbf41a97a60185baa6ff3
SHA256 8578d20eece868da7d3ea07c0f9c5e9fd86abdaab70ba71dcae838bfc157cd56
SHA512 a0cdc7c2f7dcb1dfdff9f0ce4e1d50479ded11b2bf3188a54747ec2c50b7586ac22d50c11f48a462ee3c9dd1631b9b036500917194b22da3bb5526e05913efcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 dca47e6363f25846a2f2a5e2bde205a5
SHA1 e91d794718222f094db51449b3a5f84cbb48addf
SHA256 064eae758175d5119f866288001099e9ea40368aa76a5e5622f6365dc13299ed
SHA512 8d1d4c6d28fdbc9c3f0633c2df62dd8690b69fcd3cc5f6137708c5ea9ee0e9cca1670efc50a4f696d6d537d325ca6641594e082f296829161ff33f7a7d9baf0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60

MD5 b0917d8e6c5b6be358bff67f84eb8336
SHA1 a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256 dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512 cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

C:\Users\Admin\AppData\Local\Temp\ba19d135-11a6-4a6a-a58f-287337b10c45.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 125f21da76d282e8de17aced128b4773
SHA1 6ca6f729e4303719e05f7160ee97e4bf4b5708ca
SHA256 e266101d4284d719a69da00c70ed1df91e0374b92bf38ad08b6f63efa1bdf1e2
SHA512 bb9ab50cf3918d66dca83fa8d477825c57be533c57d5a62abede07ad874e259eaac3971f68a82a4efd2fea637ba8fa98f1d1dfe7c2a1063fae272b16f73d9780

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 dc8a98a200a16f00629b8608f8555454
SHA1 7dc612509cfe72c5d4d8f0606b157490cc466472
SHA256 ff16db1b5300abb5dfef4e5cb72f1645e5b091ce0984ba2dc83fa6c51fb72813
SHA512 e1f92ccaaaf0e0c9ed811e852cfa9e00ab2736958b3c1c14ec303667ae8544830df360fd9f3c45b7aebf606590002754a552bdd539a02e1dc5db5c558eb37145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 56fa669504e1e5c2af14648711d1247a
SHA1 9c7cfa6ee776e5a0e39de902a0a936747627435a
SHA256 2b91c22f2af7c380e6bdef0325e4460c3201eabeaf8d4a831c0f91c6607dab77
SHA512 dcf30cdd977c46603dc0e9f5cec39904bb58aaf3221d96d5b80b1682dd46515230571fcbdcd231b78ce92ffe6aeae6d2d95f99edc475ea4e39938cf6fd4cadfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 2287154e90ff3f8b2148b93fd175bc6c
SHA1 c99749abdb945475f27db23f765a123e1697b19e
SHA256 9326d54b81c7db7b0eec0e48a97cfd60ad3114ba20c653e6e898870ceb7c4b98
SHA512 56c59bde91de3cdc6c76941df7ffe49cab45bc4c3a93a3ed020804c6b40c28626c781f51f956d55d9ec88d4df929887e3591f4cd00dde0897d5257eb575c2aac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 1e84fee7337cedf0d2314f4bb91679ed
SHA1 6542ca96a10b531a03dcca8d63a26cee3190b505
SHA256 803076ad9011614bf8e5eee362c5ed01f0f2427fd74c0a7c3e5cd3c87e88448b
SHA512 4db42b9fc81cd2da4890ee40fb39bdf84c1efa098ee81a7595664063c4daaa48e24efa7bb8fe15249b6713cff971c9e1f296cf50cf8bf028ae40a52db1a48b60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 3f8927c365639daa9b2c270898e3cf9d
SHA1 c8da31c97c56671c910d28010f754319f1d90fa6
SHA256 fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512 d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 90c94f3a1c393a0793963a8c1ea1133a
SHA1 86c3184ba09f241b915d4f310cd67ebae33d420c
SHA256 07d2b3fd38797c358b9fe521c7609a2c0f6de66c94701545bbbc7329ffa6b043
SHA512 40fe2959f1992f8a2749e739e4eddb0591007fe8a3aea69002934c708465c3eba4a602c7466127d4b6dae1346c6a723e8cd7f4af6c32834aaebdab6e9070ff99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0fb80007351ca0fd61ed508bf89ecfc2
SHA1 6eb1ca86f68fcb006704f1c6dc513c1c14b91df3
SHA256 c18b310d54a13daaec3b7cd31b087380d429e79d6cbe8219931a0b58810140c2
SHA512 03b661c0419a0a73a28e29b7febf36e3822fc4ef8a06d4b30828478294c4ef283aae94819d2e2d5af971b3d42e936ebda6403510266229852434b99cfbaf0d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 3b1b763665064324d3d9203e23b5f586
SHA1 f78ac1370f5306c76158e0ccd1c873516b3ccfd6
SHA256 2e7dd9bea352db9ca73721fc2cec1ba2c89e1e8e7dd53e8aad364835eec29af8
SHA512 035cf8f88f8999fbe5fadd92b4f503c96453847d17ecf368c38fc286a3a0ee3ee8bae69e7288e9808ebb95aa683c28c73ad0d87f8f673339ec06317e6552a159

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\21fnvccy.default-release\activity-stream.contile.json

MD5 e86798a7ec407bb996ee79ff3f57d657
SHA1 622d2146dc214c32dad6da5d876192ff5e6a1a06
SHA256 3dd9709f4eaa6088b0725522fa134c4a46c2a6be072ad512b03a32bb0f23b198
SHA512 874a4ac13118b6fe601e651487b1f57dbad94aa72c1a74c8f6f871ef6c3ef0d8a53475c884b6d75fc1d1ef9ba57b7e6ccdbee11b3f2ab5531cb88bbf4ca64ff6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 65aa7a6c14cb6facf922b193ca6ba4ed
SHA1 0cd92b8c46775e0ba64b48a718b2195337f510a8
SHA256 adf5c488d48d156f197d0d66a33c030ea1603a0a6f92b6efe49f312794ef1b3e
SHA512 e463f12ebe722212c2a26b95b44aa9910eb3c3dd7e286a053b8aa0bf14e4e2015959b3b246138c568df92a43fee014e45b66a22fd6b267561be91af65abdc416

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_134826771\manifest.json

MD5 778202dc964e7fb0ab5bed004f33fb14
SHA1 932ed013275e2c1172575885246c937c7cca87af
SHA256 4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9
SHA512 9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_134826771\deny_domains.list

MD5 085a334bdb7c8e27b7d925a596bfc19a
SHA1 1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2
SHA256 f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85
SHA512 c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 b049532383b52591cdac839b694c191e
SHA1 4f7362452b290a7624a67f041a3487c0b56e3a8e
SHA256 d9978c5d525e73e304c57a3b6b99e8be84c4c54f889141635bb076ab90f89b96
SHA512 c8def66adbcb5c535aecb33399b808a64757a2f8ec81bc66af8b7a81939939273dc52522fd06ad9e0941abec587e82048fbbca6a60740ef9f811f2089a020efe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

MD5 0de1aaaa0b8e7b2981af2fd6ccf704d7
SHA1 94f165be64ed2e67d9815c8f8ef5f83ca36d072e
SHA256 80f13eb2ca8aa21af8c50f9fd4ab469cc418b6cfa1df59b0db8c1792f0ae3bea
SHA512 2b4d3f9b231507fb59c641baedeb334686a2725c201440cf7820e84265fe3c1ee14ca0b9bbeb8845aa5f68cb44222e24813289c3349c824d2cfc6e4f63cfdc53

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_142661107\manifest.json

MD5 a0fedd9b29991ae92455f05414e5fa74
SHA1 300c53982db6bc2bf1875a8e85518e93b94d1f15
SHA256 e3fede606090dcfbb6446f4da29cb6ef3afe7d0b0c8faeff52f7feb2557fdfc8
SHA512 63ce6bd825cb611f34ae5d3a71eee40af7afc460d5a6ece59d4bb86d37a38a9e6a519d30adb720ddedf332754a3ba5f44b578cac3a610ecb8182c0ac3912615b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.1.1\typosquatting_list.pb

MD5 45b4f63711eaa89d9c9792be8b19c2b1
SHA1 59c28d96b19377751accf132f1c42557e2e1fa8c
SHA256 9144637db432c2e17209b2893ba67278fd1acdad9231096674caf7a6b4236253
SHA512 43902e07f6eca8141d458e84d1fc136d850cdf1551597993099de6e2496d29686f8f93263be94abe023588ef5f979533d3e1baf29688c992bc902eea550f8256

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\assets\assets.json

MD5 fd9c954de868eeba55256c3dd98861d7
SHA1 5d083ff0e7a3c89600b8f645b8173053f012824c
SHA256 8679dd81725e5ed5e73c9423f39bb3a1d544741448cb91bb8a84b5c3794e200f
SHA512 570a6ae9096334b295806933b366ce10bdf37effeef0593127d3e62074dde04ca1afaccfb5df529344368c68184381117e5bfcfccb7588b272f3f7d220237fd3

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\fb253677-464b-46c0-9db9-ad6e0db9858c.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 51330909ffeb6dc4108380ad1ec90748
SHA1 e42c7076700fffa1538574adf00e217cb2dcfa98
SHA256 f9bf70056f4e0b53505b6ae8f04c1b5142386406aa04027e4e0d56e5d9f0a0ff
SHA512 f863aa1cc1d0c313917ec72be10ae25672d59c64a274d08eb6d3fb7256e357f4cfa6f3a0dde38bb90235df7e0904b04877ad06674370b1ab99baef4d727ddd2c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_1736683183\manifest.json

MD5 b721bdf2924d658186ac8868dbd2c008
SHA1 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
SHA256 dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
SHA512 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\assets\Screenshot_2025-04-30_230903.png

MD5 951a66019d02b6c8359be309e24f1f78
SHA1 f0461be00e2029945da8479644bdd1aaa59e5f07
SHA256 de7702909ff04313eca59475a8dea7cd34755cbfe8a17fd491b832efa7cd3f19
SHA512 470fd2dc6872bea446bc654ee2e042e69758e1e27d2f0d6fe1d852d4494f6029ae39f3c6749e4dbc3811374e895822c97130950a995502b814ef68a0eb4286c5

C:\Users\Admin\AppData\Roaming\WebcamOptimizer\assets\assets.json

MD5 2c64d77f0127ba0c95a922917441f557
SHA1 54887e367af30f66f51195a6dc17bcef574c9c30
SHA256 a81347c3fc0510319a25ce1af8c139a4dea0be911c84e4718fb391f77b5d6c5d
SHA512 62a688a82f967bd0cfdee5c3b132afde6b037fb8769539a27c57394fdc5119e4cae27c306c3cc258cf3d700c0cf7550beb24380dcfbb4623d3e113b8024e8442

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_1741350427\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_307763886\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_307763886\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_307763886\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_307763886\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1604_838986005\manifest.json

MD5 a4edf901d950a9758ffe578ff1b03212
SHA1 cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5
SHA256 aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd
SHA512 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

MD5 faf01ed2c0020f8fa512ff379d82c211
SHA1 233d104dfe718231837e33c5543085b6dba5cd8b
SHA256 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750
SHA512 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\storage\default\https+++www.pornhub.com\cache\morgue\129\{c1ffbdd1-244c-469b-aecd-06df0f8bbe81}.final


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\AlternateServices.bin


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\sessionCheckpoints.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\events\events


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs-1.js
