Windows Analysis Report
https://www.wemod.com/fr/download?title_id=16170

Overview

General Information

Sample URL:	https://www.wemod.com/fr/download?title_id=16170
Analysis ID:	1432191
Infos:

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Maps a DLL or memory area into another process

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Source: unknown	HTTPS traffic detected: 172.67.25.118:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49778 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41

Source: global traffic	HTTP traffic detected: GET /fr/download?title_id=16170 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: www.wemod.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AfQPRnlBHVf9QbAmjPnmJQnDwEcerxafOq8p01cAfJ5QoFk2s6gAMnMY_23BNiizXK2e-3smriJGTe2WOZO9s5X2xejbvoKpPILOKN2-0t9ZbrurACaLAMZSmuXX9slHldVQ07B5bvw6KCm_x6CONA/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_76_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vx6bTDOtzbzKA7k&MD=A2MOXoDe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1714748051&P2=404&P3=2&P4=i2pGAIUHUg6kMwpWcJNe7zGN8wmXyNyU4ER2LSpE0zLZg1SYKRaXJFfRQNHLdZ%2b4HQv6Z%2bro1S6aV6QIHCV%2f4A%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: u2mOi4MKcr/QWsovoKJbGXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vx6bTDOtzbzKA7k&MD=A2MOXoDe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: download@title_id=16170.2.dr	String found in binary or memory: <iframe data-src="https://www.youtube.com/embed/d2otcZsVb_g?showinfo=0&rel=0" allow="autoplay; fullscreen"></iframe> equals www.youtube.com (Youtube)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a href="https://www.facebook.com/WeModGames" target="_blank" rel="noopener" aria-label="wemod facebook"> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a href="https://www.youtube.com/WeModGames" target="_blank" rel="noopener" aria-label="wemod youtube"> equals www.youtube.com (Youtube)
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a target="_blank" rel="noopener" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.wemod.com%2F&src=sdkpreparse" class="fb-xfbml-parse-ignore">Share</a> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.twitter.com (Twitter)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.wemod.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/14/9672/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/149/9807/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/16170/24091/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/43046/132505/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/44802/149491/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/49/9707/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/57522/513833/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/67221/998545/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/77777/905782/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/81248/995557/460/1/thumbnail.webp
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.6.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: download@title_id=16170.2.dr	String found in binary or memory: https://cdn-4.convertexperiments.com/js/10046150-10046491.js
Source: Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.6.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.6.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.6.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://community.wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: download@title_id=16170.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0&appId=416727938524079&autoLogAppEvent
Source: manifest.json.6.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log6.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://gaana.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.kugou.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.soundcloud.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.vk.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.amazon.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.apple.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.yandex.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://open.spotify.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: download@title_id=16170.2.dr	String found in binary or memory: https://platform.twitter.com/widgets.js
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: download@title_id=16170.2.dr	String found in binary or memory: https://support.wemod.com/v1/fr
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://tidal.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://twitter.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://twitter.com/intent/tweet
Source: download@title_id=16170.2.dr	String found in binary or memory: https://twitter.com/wemod
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://vibe.naver.com/today
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.telegram.org/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.whatsapp.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.deezer.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.google-analytics.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.google-analytics.com/g/collect?v=2
Source: content.js.6.dr, content_new.js.6.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.6.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://www.googleapis.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.googleoptimize.com/optimize.js?id=OPT-53T5WHN
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-K7ZLZSR0WX
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.instagram.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.last.fm/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.messenger.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.office.com
Source: Top Sites.6.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.6.dr	String found in binary or memory: https://www.office.com/Office
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.tiktok.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.trustpilot.com/review/wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/de/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/download/direct?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/en/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/es/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/fr
Source: wget.exe, 00000002.00000002.1662480113.00000000001A0000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr, download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170
Source: wget.exe, 00000002.00000002.1662729904.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1662308905.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170?
Source: wget.exe, 00000002.00000002.1662676428.00000000011A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170NSERVE
Source: wget.exe, 00000002.00000002.1662729904.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1662308905.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170_
Source: wget.exe, 00000002.00000002.1662676428.00000000011A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170s
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/ja/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/ko/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/pl/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/pt/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/static/images/meta-fr-f131ef6734.png
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/tr/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/zh/download?title_id=16170
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.youtube.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.youtube.com/WeModGames
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.youtube.com/embed/d2otcZsVb_g?showinfo=0&rel=0
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.25.118:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49778 version: TLS 1.2

Source: classification engine

Classification label: sus22.evad.win@57/306@11/10

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\d52ce31b-b738-4bbf-b124-233750020050.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Login Data.6.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\download\download@title_id=16170.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2100,i,8280702734010801450,1076502928605854625,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\download\download@title_id=16170.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6296 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6548 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,16353303745652073765,4587380498974727283,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2016,i,14563752989006235143,9510457546782628012,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5496 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2100,i,8280702734010801450,1076502928605854625,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6296 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6548 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5496 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,16353303745652073765,4587380498974727283,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2016,i,14563752989006235143,9510457546782628012,262144 /prefetch:3	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: wget.exe, 00000002.00000002.1662573916.00000000009F8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown

Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://www.wemod.com/fr/download?title_id=16170" > cmdline.out 2>&1

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.25.118	www.wemod.com	United States	13335	CLOUDFLARENETUS	false
152.195.19.97	sni1gl.wpc.nucdn.net	United States	15133	EDGECASTUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
23.50.115.142	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.217.234	unknown	United States	15169	GOOGLEUS	false
142.250.217.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
chrome.cloudflare-dns.com	162.159.61.3	true
www.wemod.com	172.67.25.118	true
googlehosted.l.googleusercontent.com	142.250.217.161	true
sni1gl.wpc.nucdn.net	152.195.19.97	true
clients2.googleusercontent.com	unknown	unknown
bzib.nelreports.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.googleusercontent.com/crx/blobs/AfQPRnlBHVf9QbAmjPnmJQnDwEcerxafOq8p01cAfJ5QoFk2s6gAMnMY_23BNiizXK2e-3smriJGTe2WOZO9s5X2xejbvoKpPILOKN2-0t9ZbrurACaLAMZSmuXX9slHldVQ07B5bvw6KCm_x6CONA/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_76_1_0.crx	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b95cdb7-7a95-4c48-b923-e882043f6a87.tmp	JSON data	8200BE4DF968A3EA9A833BCE88E5DA9A	E491AC11CE5995DAEC8CB2954FDBC0D267B97BE2	68DE6CFFAD71AD414EFE838339B56841BA3793E7C57D34FE53F0F98BAE4785F7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2c5428f4-2867-4588-8bdb-2c88587f0cff.tmp	JSON data	243830CD4984233344F100AEF8DD650A	B76BC53A4EE8D98816F4D050D8FEE51F5D566B19	BA1FD317F0E636C3A692B26E5BC38B69B5DE1999972DC9FAFB4E87D1ABFF93A4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ac3a3e2-f16f-4bac-987e-c700660314cb.tmp	JSON data	243830CD4984233344F100AEF8DD650A	B76BC53A4EE8D98816F4D050D8FEE51F5D566B19	BA1FD317F0E636C3A692B26E5BC38B69B5DE1999972DC9FAFB4E87D1ABFF93A4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6d3dc265-8f07-4424-8dd6-b842b8a9b8d6.tmp	JSON data	8200BE4DF968A3EA9A833BCE88E5DA9A	E491AC11CE5995DAEC8CB2954FDBC0D267B97BE2	68DE6CFFAD71AD414EFE838339B56841BA3793E7C57D34FE53F0F98BAE4785F7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7ec35aae-a4c6-44c5-8cd6-464be339f9f0.tmp	JSON data	642DD6828A65E1494525C490120306A8	6626A736FF2E7893CA175FACAC3801626D6C62B3	8AD8FC12393E8E6ABAC3429E42DA91F183D3B7EC2F46ABF25955B2BD64CCD9A2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\806182c1-4e2b-4e44-a5e9-54f1b4e4a6e1.tmp	JSON data	8CCCF72830F939696E44DEA417DBE880	C8F1DD70A227927421424CEA3E73A4FB6BD48CE0	FD2678031D7DB922506C1456F2E4B94BF826C9B500D312A96D6A64667408905A
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\978a86b5-280a-45ac-a596-1bdd013fadb8.tmp	JSON data	7F9CBFF4C6AA8E91C77C97B62430C724	D26CBC467A28ED9F467503BD11F4B4731C1DB6D1	561E0A46E9D43F396C3EF3E32A02E2B3E22186F74C033496DC567D783EEACB8F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\6e999701-3cc1-4368-b4a1-371b8eff4875.tmp	JSON data	7D535D28339A6EAA84A691ED38293877	330238382A8F0AFEF91BDFCE70B0F41AF4D30C08	9882417EB84B09D0462B3F64249E1EFD78AB44822C45569DADEDF811116DD8E0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)	JSON data	7D535D28339A6EAA84A691ED38293877	330238382A8F0AFEF91BDFCE70B0F41AF4D30C08	9882417EB84B09D0462B3F64249E1EFD78AB44822C45569DADEDF811116DD8E0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662BC00A-E44.pma	data	0882C56DF822363EC71E0260A97C11AE	8FA440853509D3B2599212D77707253CAF37BB43	A7065EA7D7ECE079CEAE5AF9EE5C6F09788C59EABA342E40B92E549AB3EC5B78
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662BC00B-1B44.pma	data	5FB896373D3686B2D30D41F7F9549548	0DE360F81F4FE750024483E870E5B18605730D4A	8FD0B093519F59F1CC8E7608BAE8320B8075B386F5E29772E76DCA5354ED6E8E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662BC01E-22F4.pma	data	7F7BF8281372BCE1426E2AF7CE34AE5F	C729F57084538D0B9AB237206A561483A75C1A94	5642F885B25B4BDE92EDA042FA7A5C08100F58A7DF661438D69023932AEA2A41
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662BC027-E08.pma	data	0C2F66F2FB69E1DCB659640594490B77	3E4DDFABCFFC7F3B04F9DC6C69C36120818CCD3B	573642557BE474D8E19A21DE221B370272C1C8F9E904B917E42BCC667157F47C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma	data	CFAB81B800EDABACBF6CB61AA78D5258	2730D4DA1BE7238D701DC84EB708A064B8D1CF27	452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat	data	74B32A83C9311607EB525C6E23854EE0	C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2	06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e17f54e-e56c-41e2-b234-e27098250e05.tmp	JSON data	2AD0C1053745DB1CFB1D9FB2870E34F3	AD76968E474EBE31E104536E50EE39F1760493AF	46A32ADB620F38D7C4B9B8F3EC67E4A1F07D567455AB4A99250D01DC8493847C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4605bc15-623b-4371-9fc8-77781877e66e.tmp	JSON data	7860B350A321DBA21CE90F2C8F7DD169	81EDD8D54FA5773D25B6C6209A77BF0F7CC1B220	9F641E358078289ED67AB0C9BD5B72408F2F3371BB91ADFB51389D87E34B0273
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5d5ab9bc-53fe-426b-a5fd-aef7d2c61742.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\79081b2d-9b57-4ec3-a834-21d70ef4250b.tmp	JSON data	F4D9E6DF89581AE4B6BCD97A9D512F7F	E0F75E2F19636B34899ACED86BB047B9DC1131B8	355276CC1CBA812E439D3DC372B6EDF180B758DBDE3B1B126AD768A8F9C2FFF9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\863309d2-99a4-4263-89ba-4939d4c1649a.tmp	JSON data	692087FBA0630C31FAFED8B897E629FD	4C75DE5C0033B805AEA52E25A8E78267E4805811	7995433A55B9E32AE83C32C08A8562955DCC7F6ABD33B8A218ED0D60FA64CC66
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\986c7bad-d3c4-4434-98a0-4c7d248a2a1c.tmp	JSON data	FCB0A2D0184A22D5BA88376305884BE4	7BF9E910A0B65ED8E9A09CD5F07B69776B267A91	82F57382591E398B9ED7F51D8D13196F66015864FC6CF87EE3BFA1987D87498F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9bb479f5-7c9b-4043-887b-5e79b2d30904.tmp	JSON data	9EEA15AA7113B340CE74E33D6A245FE1	8227D90305D7C0E04C65925FDFF8D48A8525B4DB	847B1EC1EBBB8E2FA6301912C569F7D6CB51C9FF8ECF6D824F849A2AA347B632
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log	data	7469D3724088EF14A3BB9740BCDB2554	C4E4599F96C9B01887A34AFF859103136B077B80	EC38DBC24E671FD41FFBF5D26C055319399C6E1DC42E152F62485ED754013465
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG	ASCII text	EB165BE20589EE92A62EC0F58325B054	81B8902ECABC07E94827295F6E34499EBD92B0EE	3770514318649DDF85E8CB9D496568D50C00AAEA076436E2EE544197A089A26B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome\AssistanceHomeSQLite	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1	40B18EC43DB334E7B3F6295C7626F28D	0E46584B0E0A9703C6B2EC1D246F41E63AF2296F	85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1	F5237AED0F897E7619A94843845A3EC3	A0C752C9C28A753CFB051AACE2ADA78A6D1288C3	D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	ED7D5E2C082264ECEB5845AB89A4BA2B	99E7EBFC9B5137FE35A93CBC2966A3FE0FB4486E	B36CCB892A6BBA587096BC3B4F226ABC569E776A8CA616A2FDF0CCCAF9B08A26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log	data	F27314DD366903BBC6141EAE524B0FDE	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG	ASCII text	ED3AEF835EFD3DD5A3A1375187C8EED7	A6876F5B264346B77874A48E45AD79F543A79AF4	EC5E3363AE4A3414C0534F9C4A91B28481A98B73829DEFB48EB46704BF86D62D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14	CF7760533536E2AF66EA68BC3561B74D	E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD	E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5	B9CA869E8ADA553B82070171CB3D1736	8E5DDB6EBB36F099C034F2198A980F36A4805449	954C8D36C864FDAFDE28DF34B64C648C6751BC5CC8D40CB555E40E8C7164D43E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log	data	1701B820FF75E14341EC0208AA376097	42CD9ED8CCCC10B2061FF7B56F80A4C95C728FE3	8ED99804564000075BB09AC4D5F714E978039A8A3FFB46F528AEF2B6D0A5D7AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG	ASCII text	9D2CC4BC46F16BB53D91E28B8CAADCC9	E2773ACF13B13F8C9E253B013D2BE8A117494F6D	7FF6B13369AB01108E75847F97B472DAC4089BFB6B30705C32F436AAD3053487
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json	JSON data	820AC0A9FA583CBFAD33B98BF9A5189B	C2E534317B352AFCDB9B688CA31F0C20B234434E	2B761275210CA4D0626D13B91906592C25D75976A27621A1F2E8C3547679AC04
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG	ASCII text	408AC9FE8F8AB57CEF80A381DB806DC5	0D02F3BDE34699FC592D5E39C1C010666DE263BF	83AB60F6395422F89B3784DFFBA83A3409A2036BCC5B07ACFD74A66A3A527204
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log	data	478D49D9CCB25AC14589F834EA70FB9E	5D30E87D66E279F8815AFFE4C691AAF1D577A21E	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG	ASCII text	3BB61D2120726479457C836FB4115292	0AAE10CCE9BA729CB914A5F60BD69057487EC72B	4317B3F0EC1FAFC5BC3F096E14FF075181F27F9F6850505E61171F594225255E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log	data	A2A3B1383E3AAC2430F44FC7BF3E447E	B807210A1205126A107A5FE25F070D2879407AA4	90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG	ASCII text	8DD0DC635B0CCF3DE2C54043F8968A06	EEF235D06FD837DCC567C1193A8AAA52C5A77FA8	1C8187C9734B435030A17F99777671D16699DFA3466CC98D544E938369D08502
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)	ASCII text	8DD0DC635B0CCF3DE2C54043F8968A06	EEF235D06FD837DCC567C1193A8AAA52C5A77FA8	1C8187C9734B435030A17F99777671D16699DFA3466CC98D544E938369D08502
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1	2554AD7847B0D04963FDAE908DB81074	F84ABD8D05D7B0DFB693485614ECF5204989B74A	F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2	1A7F642FD4F71A656BE75B26B2D9ED79	51BBF587FB0CCC2D726DDB95C96757CC2854CFAD	B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json	JSON data	5D1D9020CCEFD76CA661902E0C229087	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4	B12E6B7E80431D98DFE4000975207E01	011A35EF3F1BA1FD3DCB863C6D21F8428D63DE6C	CE713C34D55ADDD711E51F68CC838D849F39CC1E828EF32B200AACC300AF97AE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	data	1DD1647A175C3637ED8782BEB6C7C9E2	4226D28017189D53C1805E958FD4BF158703A78D	7BF1241E1B0034733A3A9E6BEE8AF78418D7E910A8AED52EAD942046F0DC5659
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)	ASCII text, with very long lines (1597), with CRLF line terminators	3D8183370B5E2A9D11D43EBEF474B305	155AB0A46E019E834FA556F3D818399BFF02162B	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 6	4F524D1F54FD696C3DA6A4277CE9D1CD	2D498322A9BE8C6EC6943FC1E64160462FFD136F	218238CB856234F0DD315F5A46E1467A0DC1DC0BF4F388C685E42108272B322D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG	ASCII text	3805D72F38CEE7E0940F71A8BF6503F5	C8BC7C31EFADD09ED54717E6D59C2F525EC4D5AA	1E1F6FE8032DC7A5ADF3C6E9C720D7A746FBDD59D1E046DE831F81B3F1E262DF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)	ASCII text	3805D72F38CEE7E0940F71A8BF6503F5	C8BC7C31EFADD09ED54717E6D59C2F525EC4D5AA	1E1F6FE8032DC7A5ADF3C6E9C720D7A746FBDD59D1E046DE831F81B3F1E262DF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG	ASCII text	BF7EC074FDC1857DFF8DA58C6051B396	CB13A329A9D91C4A4902CE9C24089DF5A95ACB68	97F7B3ABBD8104EE9A6379FE39E102C8F89907F5C3C3197F8E9514214CF83DC6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	BF7EC074FDC1857DFF8DA58C6051B396	CB13A329A9D91C4A4902CE9C24089DF5A95ACB68	97F7B3ABBD8104EE9A6379FE39E102C8F89907F5C3C3197F8E9514214CF83DC6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2	C681C90B3AAD7F7E4AF8664DE16971DF	9F72588CEA6569261291B19E06043A1EFC3653BC	ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3	ADC0CFB8A1A20DE2C4AB738B413CBEA4	238EF489E5FDC6EBB36F09D415FB353350E7097B	7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1fc47309-df70-4072-88a1-b6f95c22e41c.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\316e463c-f421-49a8-948e-a8ca1aea7397.tmp	JSON data	6833E2FEEACF2930174137246FC7E09F	7707DD22D2CFD3C3B79D727C93AE1D3DFD90B307	839EB286A9A424BFB655D9DA050BE4CAE90B3DE4894CFE1F352919B551F17C0C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3ec6c934-4367-48b4-b42a-c1a0e992566f.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\74135391-8d68-449f-8d70-97ef790a0458.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2d651.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3bf79.TMP (copy)	JSON data	4DF4574BFBB7E0B0BC56C2C9B12B6C47	81EFCBD3E3DA8221444A21F45305AF6FA4B71907	E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6	792B50A44E9070CD759ACCFFF3B4471D	4D0309D8BF72A97DED8D81B8088EF5DC730B72D1	77E0A2A301D10D61E39C3FFF2CA4B5D5E162C6806CFD9F2648157ECD950A0186
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2ae28.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2d874.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2d651.TMP (copy)	JSON data	24D66E5F1B8C76C76511DA68057CDE5E	70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D	D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp	JSON data	27722D97477680DD2027B7904A65F97F	99241644B06B4CBE23AD5D69CECAAABE4653F3BC	2586F54AB1DF261CA2F8B370C9B82516F86FBC3ED98C9419A7D1E2D4628B5709
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bbef4f58-79a8-4a41-9e8b-010475b6dbb6.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bcb4adde-12ff-4f9d-8aef-27c38f94455e.tmp	JSON data	285252A2F6327D41EAB203DC2F402C67	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	8B7CCBAE5FB8F1D3FDB331AED0833FB0	7924CE8D7CF818F1132F1C8A047FBEEF13F18877	8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2f8ec.TMP (copy)	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF33624.TMP (copy)	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF37291.TMP (copy)	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3aad7.TMP (copy)	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps	JSON data	2B432FEF211C69C745ACA86DE4F8E4AB	4B92DA8D4C0188CF2409500ADCD2200444A82FCC	42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)	JSON data	FCB0A2D0184A22D5BA88376305884BE4	7BF9E910A0B65ED8E9A09CD5F07B69776B267A91	82F57382591E398B9ED7F51D8D13196F66015864FC6CF87EE3BFA1987D87498F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2f969.TMP (copy)	JSON data	FCB0A2D0184A22D5BA88376305884BE4	7BF9E910A0B65ED8E9A09CD5F07B69776B267A91	82F57382591E398B9ED7F51D8D13196F66015864FC6CF87EE3BFA1987D87498F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF38fdd.TMP (copy)	JSON data	FCB0A2D0184A22D5BA88376305884BE4	7BF9E910A0B65ED8E9A09CD5F07B69776B267A91	82F57382591E398B9ED7F51D8D13196F66015864FC6CF87EE3BFA1987D87498F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log	data	22B21EF1C867F920688AD23503CC59B3	2A7D083F7C8E2FEA6851D13A3FCB1F37A87D3E8D	7867C6DEC8A5FD95B544F7590EB8257CAD3F7E13E15A938EAA76F04966122C33
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG	ASCII text	DF3C5F7C05B5FEF1DC8A8D3393D91C4C	D4EB19A3A3B84DB051CE2AAA277CED51EF881644	83018D25D79686818D8EE4FEA91E039390B3C76A7175EF963CC7364A9F976F8C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	DF3C5F7C05B5FEF1DC8A8D3393D91C4C	D4EB19A3A3B84DB051CE2AAA277CED51EF881644	83018D25D79686818D8EE4FEA91E039390B3C76A7175EF963CC7364A9F976F8C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358616846957170	data	644002B41899AEC3F1B0F98884781958	36D15A8BBC189D2B8A59EDCF108E8132C77C0735	22CDBB823319717D889BB059EEC7B27F1F7899FDADB3722284858831782C2900
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1	B35F740AA7FFEA282E525838EABFE0A6	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG	ASCII text	D2F6BF5DBA8118799C901DD54D2A29BA	DE6CEB98EFA3134FF3524E445DC6D48433E68983	20197E229165BDDEF1FA92984E9E01371CD60229F77879AF177267D46CB0C744
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)	ASCII text	D2F6BF5DBA8118799C901DD54D2A29BA	DE6CEB98EFA3134FF3524E445DC6D48433E68983	20197E229165BDDEF1FA92984E9E01371CD60229F77879AF177267D46CB0C744
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	B5E1A7B0A93488225E501BEEC4078A1F	9B7FC7AFBD1E1F6EBD24F6CC9577CD8571FD68A0	0C15DE2B09C64795336D1E1A1927D9C12AB759053894C05D369669CABFC507A4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	57653DCB9B8BE45C725DA811946673D6	75B17B1680374A9409F11C4D99BCCD020865DFE6	6AC389162D244CCB39C4AE1DCBAD9E1854692A24A8D7D8C5B14C1813BC2070B6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG	ASCII text	B3607588D8D921A51A691C8D6F62080E	3F86EB778F821BDCAFC017E65FDA8B1DB9CBA75F	86EA4EA59F115F229BC7D143726E8672663282CB1AB6783F81CF0CB745F7B00C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	B3607588D8D921A51A691C8D6F62080E	3F86EB778F821BDCAFC017E65FDA8B1DB9CBA75F	86EA4EA59F115F229BC7D143726E8672663282CB1AB6783F81CF0CB745F7B00C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\51dfc9a7-c470-4d14-8f0d-f7d4f2daf194.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\70165320-7a6e-40db-83bb-82b5e3f5e71b.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\80df7be6-25b6-4144-bc24-bdba80f6cd08.tmp	JSON data	285252A2F6327D41EAB203DC2F402C67	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF3cbae.TMP (copy)	JSON data	18D8AE83268DD3A59C64AAD659CF2FD3	018C9736438D095A67B1C9953082F671C2FDB681	D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4	0247E46DE79B6CD1BF08CAF7782F7793	B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6	AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2d874.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	25363ADC3C9D98BAD1A33D0792405CBF	D06E343087D86EF1A06F7479D81B26C90A60B5C3	6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b965b1c7-b4d6-42db-95c6-7628bd890e5b.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG	ASCII text	2FB9CDF13B4FB1165DE2D29E72191BE6	D1D7C75F9B88502707F7E0C5B2C6C3B571C9C3C6	26FF1A3853E30D55627EB7FB2D380ABC1D0176B44F86F3084E030E3377122C3D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)	ASCII text	2FB9CDF13B4FB1165DE2D29E72191BE6	D1D7C75F9B88502707F7E0C5B2C6C3B571C9C3C6	26FF1A3853E30D55627EB7FB2D380ABC1D0176B44F86F3084E030E3377122C3D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	47F7621CFE222C9B921B34A73272DAD0	A552C3E286ACCBFC4F69EF7DD4F76934F7273A17	29D3E770962CA40820A76FC9E1A3CA0B3E39A6F846C9B11999EB25217E2845A9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	47F7621CFE222C9B921B34A73272DAD0	A552C3E286ACCBFC4F69EF7DD4F76934F7273A17	29D3E770962CA40820A76FC9E1A3CA0B3E39A6F846C9B11999EB25217E2845A9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2	04F8B790DF73BD7CD01238F4681C3F44	DF12D0A21935FC01B36A24BF72AB9640FEBB2077	96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links	data	3A11AAF00DBF536EBAD918E0A71C297D	85CC439FD0C69DC268223CFD218EA34011862DC1	4DA308B2613D54E102E3D0C509610DC89DA47B577584E393669BFFDD9D73619B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5	A4BF77299A7F77173506D7AB9A2C142A	643DA7279B3900AA4FCA048C02C0003E6CE14A60	080CD76B61882E79529D4A25C1433ACF95463E3A166F6D335B2FC414E4A7EC80
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10	AA9965434F66985F0979719F3035C6E1	39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4	F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1	981F351994975A68A0DD3ECE5E889FD0	080D3386290A14A68FCE07709A572AF98097C52D	3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json	ASCII text, with very long lines (3951), with CRLF line terminators	07301A857C41B5854E6F84CA00B81EA0	7441FC1018508FF4F3DBAA139A21634C08ED979C	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b3bec464-4038-4dc3-bef4-5bd3d957b7f3.tmp	JSON data	50410643E3F6DE33D5692CAC3F4D0039	0D2176DF8F75869AF50D265B7749E65D8E32D15E	F6737CF2E18F36FE250C5EA41D5637B1F21A9415D2CB6CE425BDEBCC431E08C3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b4e91ef7-f2a1-4ad1-908f-306e27d8a575.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp	ASCII text, with very long lines (1597), with CRLF line terminators	3D8183370B5E2A9D11D43EBEF474B305	155AB0A46E019E834FA556F3D818399BFF02162B	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ced25687-28dc-4539-a631-3a39c18b9114.tmp	JSON data	C01386A84CC6E6A922D0688EFCB16DA8	ABFDEFA4482EF9F9B5895B97924163B484537AFB	86F71BF3241F7B049254E8BF6678F94E8F9298331810224EFFD97475B029B1AC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1	98643AF1CA5C0FE03CE8C687189CE56B	ECADBA79A364D72354C658FD6EA3D5CF938F686B	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2	D2CCDC36225684AAE8FA563AFEDB14E7	3759649035F23004A4C30A14C5F0B54191BEBF80	080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm	data	B7C14EC6110FA820CA6B65F5AEC85911	608EEB7488042453C9CA40F7E1398FC1A270F3F4	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log	data	BEAA1C3999090B51CB6634BAA0D351AB	C9C6AF1F076019B1361B6519AC4338CF5FF47C3A	38E19607D3421E5C1A2066294C3A496E5A552B6F26225BBF494BE594C51B33E3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG	ASCII text	75BF53E463687372B35483AB389F6F0A	52E13E20B84B216220C9DF3E1025C91EB4994884	3F40A69E91916F20548E6EFBC6C2CE11A2B63CEB8C98425243894ECD9BCE93A0
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log	data	AD15D72AA4792C14DDD002CED70E8245	30D0E75166FDA7126A73480EE3222C193231B579	17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	1C19BABC4C6663D431EAFB6C913E44C0	EF0156B9E5EAA0F19D5F38C4F65262CBAFC76674	FEE93E9518DAE3A98BE3398C0EA6557355934C04C925159C3F15ECF4D9AD002B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	8F8A765930A0458806F7AEB6BABDF3B1	C190BECAE87EDB3571E43D738C83773D28867231	E8CFDC5C7216277C34AF41A33C2419DF6D14BAEDF1047638B3C124AF79AEF536
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	EC9C89DA2458207CE5DE29F161A72154	4B8500B91BE9B1DF7C8122E76F4E82EEC450AED2	9DAC1F94F3F5AEA0001E1FD09829DD562CDBDC586A4D31B82FA455DB6D64F425
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser	data	A397E5983D4A1619E36143B4D804B870	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29754.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF299d5.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29a04.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2c181.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4c8.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4f7.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e507.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30550.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30560.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a9ed.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d10d.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF40f3e.TMP (copy)	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2	E93ACF0820CA08E5A5D2D159729F70E3	2C1A4D4924B9AEC1A796F108607404B000877C5D	F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0	5D5EA1B22C06F04E812E9CA5B617BB8B	29F930F73E01E4CE9D9B42F77C5A8C5C984C98E1	CF2E3B265147F3C5888127CEAA03029DD2BA58DE875CE0FBBBFAC3C470C50039
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris	ASCII text, with no line terminators	7BAAFE811F480ACFCCCEE0D744355C79	24B89AE82313084BB8BBEB9AD98A550F41DF7B27	D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings	ASCII text, with no line terminators	5692162977B015E31D5F35F50EFAB9CF	705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D	42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0	JSON data	BDE38FAE28EC415384B8CFE052306D6C	3019740AF622B58D573C00BF5C98DD77F3FBB5CD	1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris	ASCII text, with no line terminators	3F90757B200B52DCF5FDAC696EFD3D60	569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77	1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2	data	0E06E28C3536360DE3486B1A9E5195E8	EB768267F34EC16A6CCD1966DCA4C3C2870268AB	F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations	JSON data	03B6D5E81A4DC4D4E6C27BE1E932B9D9	3C5EF0615314BDB136AB57C90359F1839BDD5C93	73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\aa9913d5-80ed-438e-9e6c-c01bff42336d.tmp	JSON data	960EEFC49D94FC170A9F1A9B2FA4AAEC	602EC15CE628D82E9D9F734A46B20F670F5D7CED	31BC90CF68CB71CC54CF679418FEB2A91A1D43D04A87E8058B54AF761766913B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d40e7473-7d5f-4f7d-beba-068141e54daf.tmp	JSON data	D58A282D0BEAA9B3E74A268E94DCC1FA	2DCD4B1F537D21B3A8D1F2CB6B966E070B0139AD	D9DAEAB991DCBF14346ECEE1A06B7923C866213DECA501BA5EE3A1504CB26261
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f1fa9763-919a-433d-ab5e-9a44d168f324.tmp	JSON data	A2B18124931C67003AC219CBA648D7F7	A133ADC2824692ACCF0AE287E9FE4660F0E2108A	300BF90F32D51725E545B991F86F468CA8320F27864AD8911027C4260057A54C
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f78cb1a9-64c9-4178-b7e8-e02d5d6b2810.tmp	JSON data	BBD36541124056147696ABBDE62508FD	9DF3F1228D313B79AEE983E7A5F07E92A144F08F	495940C18D7E76C365C27377E483FFB3D5592FF23F7E9BF7D903DFF1A59F9C58
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres	data	F57B0D2EEE2153A0DCF9C46DCE9678A7	4B51A860634295118D3D075F82CBECA10C75023F	C87BFE7E8E116A01DC17B438C40208480EDE66CC5CF5E935327D27A91F25D0A5
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres	data	A5B7E5307BD4341A432A6AB57C8F4BE4	BB7087F48C02058CFFD62ED8B3B6EF64A4A6DDB0	125458A40A6F87DB261568368F57C2D9D30C8D4C90389F04C5BD88ABD42C6355
C:\Users\user\AppData\Local\Temp\099e1ee6-bb2d-4051-894e-c035dfd75ef1.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\2a3a9165-b1ec-41cb-8189-d03bae37d04f.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\44902014-4403-467e-8834-e4efd995eabd.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\cv_debug.log	JSON data	1FC43099DBD8026E54E5D168E5CDBA1A	99D3ED8FFB05E9C13884E5752FE99A5DB12438CA	74850270DA2505D6608DC6168FB9930055244F643A91F1AEB82F3E414406F7F5
C:\Users\user\AppData\Local\Temp\d52ce31b-b738-4bbf-b124-233750020050.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902	24439F0E82F6A60E541FB2697F02043F	E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F	B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
C:\Users\user\AppData\Local\Temp\dace58c7-b7ff-46cb-a69d-238c2c1eee3f.tmp	Google Chrome extension, version 3	87996BA4DD83A8988D96E918DCB2BC62	23910F09EA806D13D9A337A1E23D5FA49B383269	6409D21A03FAFF1503AA83A19BE0B7DCB701F5E4501C4FEFB81877147E869D57
C:\Users\user\AppData\Local\Temp\fdd08ca5-b34a-4038-8539-19bdc2924733.tmp	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3	788DF0376CE061534448AA17288FEA95	C3B9285574587B3D1950EE4A8D64145E93842AEB	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	913064ADAAA4C4FA2A9D011B66B33183	99EA751AC2597A080706C690612AEEEE43161FC1	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\af\messages.json	JSON data	12403EBCCE3AE8287A9E823C0256D205	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\am\messages.json	JSON data	9721EBCE89EC51EB2BAEB4159E2E4D8C	58979859B28513608626B563138097DC19236F1F	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ar\messages.json	JSON data	3EC93EA8F8422FDA079F8E5B3F386A73	24640131CCFB21D9BC3373C0661DA02D50350C15	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\az\messages.json	JSON data	9A798FD298008074E59ECC253E2F2933	1E93DA985E880F3D3350FC94F5CCC498EFC8C813	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\be\messages.json	JSON data	68884DFDA320B85F9FC5244C2DD00568	FD9C01E03320560CBBB91DC3D1917C96D792A549	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\bg\messages.json	JSON data	2E6423F38E148AC5A5A041B1D5989CC0	88966FFE39510C06CD9F710DFAC8545672FFDCEB	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\bn\messages.json	JSON data	651375C6AF22E2BCD228347A45E3C2C9	109AC3A912326171D77869854D7300385F6E628C	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ca\messages.json	JSON data	D177261FFE5F8AB4B3796D26835F8331	4BE708E2FFE0F018AC183003B74353AD646C1657	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\cs\messages.json	JSON data	CCB00C63E4814F7C46B06E4A142F2DE9	860936B2A500CE09498B07A457E0CCA6B69C5C23	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\cy\messages.json	JSON data	A86407C6F20818972B80B9384ACFBBED	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\da\messages.json	JSON data	B922F7FD0E8CCAC31B411FC26542C5BA	2D25E153983E311E44A3A348B7D97AF9AAD21A30	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\de\messages.json	JSON data	D116453277CC860D196887CEC6432FFE	0AE00288FDE696795CC62FD36EABC507AB6F4EA4	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\el\messages.json	JSON data	9ABA4337C670C6349BA38FDDC27C2106	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\en\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\en_CA\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\en_GB\messages.json	JSON data	3734D498FB377CF5E4E2508B8131C0FA	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\en_US\messages.json	JSON data	578215FBB8C12CB7E6CD73FBD16EC994	9471D71FA6D82CE1863B74E24237AD4FD9477187	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\es\messages.json	JSON data	F61916A206AC0E971CDCB63B29E580E3	994B8C985DC1E161655D6E553146FB84D0030619	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\es_419\messages.json	JSON data	535331F8FB98894877811B14994FEA9D	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\et\messages.json	JSON data	64204786E7A7C1ED9C241F1C59B81007	586528E87CD670249A44FB9C54B1796E40CDB794	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\eu\messages.json	JSON data	29A1DA4ACB4C9D04F080BB101E204E93	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\fa\messages.json	JSON data	097F3BA8DE41A0AAF436C783DCFE7EF3	986B8CABD794E08C7AD41F0F35C93E4824AC84DF	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\fi\messages.json	JSON data	B38CBD6C2C5BFAA6EE252D573A0B12A1	2E490D5A4942D2455C3E751F96BD9960F93C4B60	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\fil\messages.json	JSON data	FCEA43D62605860FFF41BE26BAD80169	F25C2CE893D65666CC46EA267E3D1AA080A25F5B	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\fr\messages.json	JSON data	A58C0EEBD5DC6BB5D91DAF923BD3A2AA	F169870EEED333363950D0BCD5A46D712231E2AE	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\fr_CA\messages.json	JSON data	6CAC04BDCC09034981B4AB567B00C296	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\gl\messages.json	JSON data	6BAAFEE2F718BEFBC7CD58A04CCC6C92	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\gu\messages.json	JSON data	BC7E1D09028B085B74CB4E04D8A90814	E28B2919F000B41B41209E56B7BF3A4448456CFE	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\hi\messages.json	JSON data	98A7FC3E2E05AFFFC1CFE4A029F47476	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\hr\messages.json	JSON data	25CDFF9D60C5FC4740A48EF9804BF5C7	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\hu\messages.json	JSON data	8930A51E3ACE3DD897C9E61A2AEA1D02	4108506500C68C054BA03310C49FA5B8EE246EA4	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\hy\messages.json	JSON data	55DE859AD778E0AA9D950EF505B29DA9	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\id\messages.json	JSON data	34D6EE258AF9429465AE6A078C2FB1F5	612CAE151984449A4346A66C0A0DF4235D64D932	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\is\messages.json	JSON data	1F565FB1C549B18AF8BBFED8DECD5D94	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\it\messages.json	JSON data	0D82B734EF045D5FE7AA680B6A12E711	BD04F181E4EE09F02CD53161DCABCEF902423092	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\iw\messages.json	JSON data	26B1533C0852EE4661EC1A27BD87D6BF	18234E3ABAF702DF9330552780C2F33B83A1188A	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ja\messages.json	JSON data	15EC1963FC113D4AD6E7E59AE5DE7C0A	4017FC6D8B302335469091B91D063B07C9E12109	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ka\messages.json	JSON data	83F81D30913DC4344573D7A58BD20D85	5AD0E91EA18045232A8F9DF1627007FE506A70E0	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\kk\messages.json	JSON data	2D94A58795F7B1E6E43C9656A147AD3C	E377DB505C6924B6BFC9D73DC7C02610062F674E	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\km\messages.json	JSON data	B3699C20A94776A5C2F90AEF6EB0DAD9	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\kn\messages.json	JSON data	8E16966E815C3C274EEB8492B1EA6648	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ko\messages.json	JSON data	F3E59EEEB007144EA26306C20E04C292	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\lo\messages.json	JSON data	E20D6C27840B406555E2F5091B118FC5	0DCECC1A58CEB4936E255A64A2830956BFA6EC14	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\lt\messages.json	JSON data	970544AB4622701FFDF66DC556847652	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\lv\messages.json	JSON data	A568A58817375590007D1B8ABCAEBF82	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ml\messages.json	JSON data	4717EFE4651F94EFF6ACB6653E868D1A	B8A7703152767FBE1819808876D09D9CC1C44450	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\mn\messages.json	JSON data	83E7A14B7FC60D4C66BF313C8A2BEF0B	1CCF1D79CDED5D65439266DB58480089CC110B18	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\mr\messages.json	JSON data	3B98C4ED8874A160C3789FEAD5553CFA	5550D0EC548335293D962AAA96B6443DD8ABB9F6	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ms\messages.json	JSON data	7D273824B1E22426C033FF5D8D7162B7	EADBE9DBE5519BD60458B3551BDFC36A10049DD1	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\my\messages.json	JSON data	342335A22F1886B8BC92008597326B24	2CB04F892E430DCD7705C02BF0A8619354515513	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ne\messages.json	JSON data	B1083DA5EC718D1F2F093BD3D1FB4F37	74B6F050D918448396642765DEF1AD5390AB5282	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\nl\messages.json	JSON data	32DF72F14BE59A9BC9777113A8B21DE6	2A8D9B9A998453144307DD0B700A76E783062AD0	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\no\messages.json	JSON data	A1744B0F53CCF889955B95108367F9C8	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\pa\messages.json	JSON data	97F769F51B83D35C260D1F8CFD7990AF	0D59A76564B0AEE31D0A074305905472F740CECA	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\pl\messages.json	JSON data	B8D55E4E3B9619784AECA61BA15C9C0F	B4A9C9885FBEB78635957296FDDD12579FEFA033	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\pt_BR\messages.json	JSON data	608551F7026E6BA8C0CF85D9AC11F8E3	87B017B2D4DA17E322AF6384F82B57B807628617	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\pt_PT\messages.json	JSON data	0963F2F3641A62A78B02825F6FA3941C	7E6972BEAB3D18E49857079A24FB9336BC4D2D48	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ro\messages.json	JSON data	BED8332AB788098D276B448EC2B33351	6084124A2B32F386967DA980CBE79DD86742859E	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ru\messages.json	JSON data	51D34FE303D0C90EE409A2397FCA437D	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\si\messages.json	JSON data	B8A4FD612534A171A9A03C1984BB4BDD	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\sk\messages.json	JSON data	8E55817BF7A87052F11FE554A61C52D5	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\sl\messages.json	JSON data	BFAEFEFF32813DF91C56B71B79EC2AF4	F8EDA2B632610972B581724D6B2F9782AC37377B	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\sr\messages.json	JSON data	7F5F8933D2D078618496C67526A2B066	B7050E3EFA4D39548577CF47CB119FA0E246B7A4	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\sv\messages.json	JSON data	90D8FB448CE9C0B9BA3D07FB8DE6D7EE	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\sw\messages.json	JSON data	D0579209686889E079D87C23817EDDD5	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ta\messages.json	JSON data	DCC0D1725AEAEAAF1690EF8053529601	BB9D31859469760AC93E84B70B57909DCC02EA65	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\te\messages.json	JSON data	385E65EF723F1C4018EEE6E4E56BC03F	0CEA195638A403FD99BAEF88A360BD746C21DF42	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\th\messages.json	JSON data	64077E3D186E585A8BEA86FF415AA19D	73A861AC810DABB4CE63AD052E6E1834F8CA0E65	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\tr\messages.json	JSON data	76B59AAACC7B469792694CF3855D3F4C	7C04A2C1C808FA57057A4CCEEE66855251A3C231	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\uk\messages.json	JSON data	970963C25C2CEF16BB6F60952E103105	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\ur\messages.json	JSON data	8B4DF6A9281333341C939C244DDB7648	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\vi\messages.json	JSON data	773A3B9E708D052D6CBAA6D55C8A5438	5617235844595D5C73961A2C0A4AC66D8EA5F90F	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\zh_CN\messages.json	JSON data	3E76788E17E62FB49FB5ED5F4E7A3DCE	6904FFA0D13D45496F126E58C886C35366EFCC11	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\zh_HK\messages.json	JSON data	524E1B2A370D0E71342D05DDE3D3E774	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\zh_TW\messages.json	JSON data	0E60627ACFD18F44D4DF469D8DCE6D30	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_locales\zu\messages.json	JSON data	71F916A64F98B6D1B5D1F62D297FDEC1	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\_metadata\verified_contents.json	JSON data	92F7CC1C498F314277DAFB300FC3372A	4672F96C3F64C08FD6841FFCF79DC690FCEC822B	CD825CBCB19783F8D616DE33A8352B81B4482FDD87DBA6B537D0907260762D35
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\dasherSettingSchema.json	JSON data	4EC1DF2DA46182103D2FFC3B92D20CA5	FB9D1BA3710CF31A87165317C6EDC110E98994CE	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\manifest.json	JSON data	702D50119D4110E453DAA57DE3ADE79A	9754676F727803F8BF4DDD973F7050E67FC62B7C	177CA18A28C498CB573A0DF3142C591B40FEB17F42353055B563084E515F9A88
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\offscreendocument.html	HTML document, ASCII text	B747B5922A0BC74BBF0A9BC59DF7685F	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\offscreendocument_main.js	ASCII text, with very long lines (4369)	09AF2D8CFA8BF1078101DA78D09C4174	F2369551E2CDD86258062BEB0729EE4D93FCA050	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\page_embed_script.js	ASCII text	3AB0CD0F493B1B185B42AD38AE2DD572	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\CRX_INSTALL\service_worker_bin_prod.js	ASCII text, with very long lines (4369)	EA946F110850F17E637B15CF22B82837	8D27C963E76E3D2F5B8634EE66706F95F000FCAF	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
C:\Users\user\AppData\Local\Temp\scoped_dir6980_1650281551\dace58c7-b7ff-46cb-a69d-238c2c1eee3f.tmp	Google Chrome extension, version 3	87996BA4DD83A8988D96E918DCB2BC62	23910F09EA806D13D9A337A1E23D5FA49B383269	6409D21A03FAFF1503AA83A19BE0B7DCB701F5E4501C4FEFB81877147E869D57
C:\Users\user\AppData\Local\Temp\scoped_dir6980_365243206\44902014-4403-467e-8834-e4efd995eabd.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\scoped_dir6980_365243206\CRX_INSTALL\_metadata\verified_contents.json	JSON data	738E757B92939B24CDBBD0EFC2601315	77058CBAFA625AAFBEA867052136C11AD3332143	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
C:\Users\user\AppData\Local\Temp\scoped_dir6980_365243206\CRX_INSTALL\content.js	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators	3D20584F7F6C8EAC79E17CCA4207FB79	3C16DCC27AE52431C8CDD92FBAAB0341524D3092	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
C:\Users\user\AppData\Local\Temp\scoped_dir6980_365243206\CRX_INSTALL\content_new.js	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators	3DE1E7D989C232FC1B58F4E32DE15D64	42B152EA7E7F31A964914F344543B8BF14B5F558	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
C:\Users\user\AppData\Local\Temp\scoped_dir6980_365243206\CRX_INSTALL\manifest.json	JSON data	E805E9E69FD6ECDCA65136957B1FB3BE	2356F60884130C86A45D4B232A26062C7830E622	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
C:\Users\user\Desktop\cmdline.out	ASCII text, with CRLF line terminators	3650FCC1DB059BA53A794AA58D7A984E	3524595930EC5EF32C0162D8113EFF0609FC2633	0A175E060F93CAC5CC4C8E04AD6631E591C3B555DA77AB6091B69FCADF05D6AE
C:\Users\user\Desktop\download\download@title_id=16170	HTML document, Unicode text, UTF-8 text, with very long lines (2344)	96AE11E6280E6FFE0206A33D86D1B48E	8F749C5EFFA204B7A941D6F878E56C72C7D7FBBD	CDE8047C05AE48058ED84EEEFECFC10A0713FE0323B661D240AAC0DE0DB033B3

Source: unknown	HTTPS traffic detected: 172.67.25.118:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49778 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.213.41

Source: global traffic	HTTP traffic detected: GET /fr/download?title_id=16170 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: www.wemod.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AfQPRnlBHVf9QbAmjPnmJQnDwEcerxafOq8p01cAfJ5QoFk2s6gAMnMY_23BNiizXK2e-3smriJGTe2WOZO9s5X2xejbvoKpPILOKN2-0t9ZbrurACaLAMZSmuXX9slHldVQ07B5bvw6KCm_x6CONA/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_76_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=R83mlHRCqeHRG9T0loza5cz3U8zjuZzQy2wVvoSHGHw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-06-30T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vx6bTDOtzbzKA7k&MD=A2MOXoDe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1714748051&P2=404&P3=2&P4=i2pGAIUHUg6kMwpWcJNe7zGN8wmXyNyU4ER2LSpE0zLZg1SYKRaXJFfRQNHLdZ%2b4HQv6Z%2bro1S6aV6QIHCV%2f4A%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: u2mOi4MKcr/QWsovoKJbGXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vx6bTDOtzbzKA7k&MD=A2MOXoDe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: download@title_id=16170.2.dr	String found in binary or memory: <iframe data-src="https://www.youtube.com/embed/d2otcZsVb_g?showinfo=0&rel=0" allow="autoplay; fullscreen"></iframe> equals www.youtube.com (Youtube)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a href="https://www.facebook.com/WeModGames" target="_blank" rel="noopener" aria-label="wemod facebook"> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a href="https://www.youtube.com/WeModGames" target="_blank" rel="noopener" aria-label="wemod youtube"> equals www.youtube.com (Youtube)
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: download@title_id=16170.2.dr	String found in binary or memory: <a target="_blank" rel="noopener" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.wemod.com%2F&src=sdkpreparse" class="fb-xfbml-parse-ignore">Share</a> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.facebook.com (Facebook)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.twitter.com (Twitter)
Source: download@title_id=16170.2.dr	String found in binary or memory: <script type="application/ld+json">{"@graph":[{"@context":"http:\/\/schema.org","@type":"SoftwareApplication","name":"WeMod - Les Triches de Jeux PC et les Trainers","headline":"Ton jeu, tes r\u00e8gles.","thumbnailUrl":"https:\/\/www.wemod.com\/static\/images\/meta-fr-f131ef6734.png","isAccessibleForFree":true,"keywords":"wemod, infinity, tout-en-un, mods, triches, codes de triche, modding de jeu PC","operatingSystem":"Windows 11, Windows 10, Windows 8.1, Windows 7","applicationCategory":"http:\/\/schema.org\/GameApplication","downloadUrl":"https:\/\/www.wemod.com\/fr\/download","installUrl":"https:\/\/www.wemod.com\/fr","featureList":"Trainers, Triches en Mode Solo, Mods","fileSize":"75MB","softwareVersion":"8.19.0","genre":"gaming","audience":{"@type":"Audience","audienceType":"gamers"},"author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"offers":{"@type":"Offer","price":"0.00","priceCurrency":"USD"}},{"@context":"http:\/\/schema.org","@type":"WebSite","url":"https:\/\/www.wemod.com\/fr","name":"WeMod","author":{"@context":"http:\/\/schema.org","@type":"Organization","name":"WeMod","url":"https:\/\/www.wemod.com\/fr","logo":"https:\/\/www.wemod.com\/static\/images\/wemod-logo-1024-dafdcb2c3b.png","foundingDate":"2015","contactPoint":{"@type":"ContactPoint","contactType":"assistance client","email":"support@wemod.com","url":"https:\/\/support.wemod.com\/"},"sameAs":["https:\/\/twitter.com\/wemod","https:\/\/www.facebook.com\/WeModGames","https:\/\/www.youtube.com\/WeModGames"]},"description":"WeMod est la meilleure application du monde pour la modification de milliers de jeux PC en mode solo. Personnalise avec des triches, des trainers, des mods et plus encore dans notre application gratuite.","publisher":"WeMod","potentialAction":{"@type":"SearchAction","target":"https:\/\/www.wemod.com\/fr\/cheats?q={search_term}","query-input":"required name=search_term"}}]}</script> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.wemod.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/14/9672/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/149/9807/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/16170/24091/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/43046/132505/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/44802/149491/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/49/9707/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/57522/513833/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/67221/998545/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/77777/905782/460/1/thumbnail.webp
Source: download@title_id=16170.2.dr	String found in binary or memory: https://api-cdn.wemod.com/title_thumbnails/81248/995557/460/1/thumbnail.webp
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.6.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: download@title_id=16170.2.dr	String found in binary or memory: https://cdn-4.convertexperiments.com/js/10046150-10046491.js
Source: Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.6.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.6.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.6.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.6.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://community.wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: download@title_id=16170.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0&appId=416727938524079&autoLogAppEvent
Source: manifest.json.6.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.6.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.6.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log6.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.6.dr, cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://gaana.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.kugou.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.soundcloud.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://m.vk.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.amazon.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.apple.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://music.yandex.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://open.spotify.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: download@title_id=16170.2.dr	String found in binary or memory: https://platform.twitter.com/widgets.js
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: download@title_id=16170.2.dr	String found in binary or memory: https://support.wemod.com/v1/fr
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://tidal.com/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://twitter.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://twitter.com/intent/tweet
Source: download@title_id=16170.2.dr	String found in binary or memory: https://twitter.com/wemod
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://vibe.naver.com/today
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.telegram.org/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://web.whatsapp.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.deezer.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.google-analytics.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.google-analytics.com/g/collect?v=2
Source: content.js.6.dr, content_new.js.6.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.6.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: a215a34b-695d-4811-907b-3ed5cb3d0fee.tmp.7.dr	String found in binary or memory: https://www.googleapis.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.googleoptimize.com/optimize.js?id=OPT-53T5WHN
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-K7ZLZSR0WX
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.instagram.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.last.fm/
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.messenger.com
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.office.com
Source: Top Sites.6.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.6.dr	String found in binary or memory: https://www.office.com/Office
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.tiktok.com/
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.trustpilot.com/review/wemod.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/de/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/download/direct?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/en/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/es/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/fr
Source: wget.exe, 00000002.00000002.1662480113.00000000001A0000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr, download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170
Source: wget.exe, 00000002.00000002.1662729904.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1662308905.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170?
Source: wget.exe, 00000002.00000002.1662676428.00000000011A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170NSERVE
Source: wget.exe, 00000002.00000002.1662729904.0000000002B0D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1662308905.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170_
Source: wget.exe, 00000002.00000002.1662676428.00000000011A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wemod.com/fr/download?title_id=16170s
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/ja/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/ko/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/pl/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/pt/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/static/images/meta-fr-f131ef6734.png
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/tr/download?title_id=16170
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.wemod.com/zh/download?title_id=16170
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://www.youtube.com
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.youtube.com/WeModGames
Source: download@title_id=16170.2.dr	String found in binary or memory: https://www.youtube.com/embed/d2otcZsVb_g?showinfo=0&rel=0
Source: cd5d9567-c5d9-416b-b4b8-d60a504a3552.tmp.6.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.25.118:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49778 version: TLS 1.2

Source: classification engine

Classification label: sus22.evad.win@57/306@11/10

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\d52ce31b-b738-4bbf-b124-233750020050.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Login Data.6.dr

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\download\download@title_id=16170.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2100,i,8280702734010801450,1076502928605854625,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\download\download@title_id=16170.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6296 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6548 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,16353303745652073765,4587380498974727283,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2016,i,14563752989006235143,9510457546782628012,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5496 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.wemod.com/fr/download?title_id=16170"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2100,i,8280702734010801450,1076502928605854625,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6296 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6548 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5496 --field-trial-handle=2136,i,766399260345155842,7192589645065755786,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2092,i,16353303745652073765,4587380498974727283,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2016,i,14563752989006235143,9510457546782628012,262144 /prefetch:3	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: wget.exe, 00000002.00000002.1662573916.00000000009F8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1432191
Product:	CloudBasic
Start time:	16:53:10
Start date:	26.04.2024
Cookbook:	urldownload.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://www.wemod.com/fr/download?title_id=16170

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://www.wemod.com/fr/download?title_id=16170

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://www.wemod.com/fr/download?title_id=16170