Malware Analysis Report

2024-11-16 15:53

Sample ID 240204-h5htxacbh4
Target no.exe
SHA256 0b70a2bcddfd035871adbce755b88113eceafea5086271c64f095ec88b85b98d
Tags google phishing
score 10/10

Analysis Overview

Threat Level: Known bad

The file no.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-04 07:19

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-04 07:19
Reported 2024-02-04 07:21
Platform win7-20231215-en
Max time kernel 45s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\no.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2271351-C32D-11EE-AD90-6A1079A24C90} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B226EC41-C32D-11EE-AD90-6A1079A24C90} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B22BAF01-C32D-11EE-AD90-6A1079A24C90} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\no.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\no.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 812 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 812 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 812 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2456 wrote to memory of 2788 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2592 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 812 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 812 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 812 wrote to memory of 2292 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1584 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 2648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 812 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2292 wrote to memory of 2864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 812 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2860 wrote to memory of 1672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\no.exe

"C:\Users\Admin\AppData\Local\Temp\no.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.0.1011695180\60933275" -parentBuildID 20221007134813 -prefsHandle 1164 -prefMapHandle 1144 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe7c07d7-7c4f-4c4b-a664-00abb4addbe3} 944 "\\.\pipe\gecko-crash-server-pipe.944" 1364 115f7e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.1.453842284\1269778850" -parentBuildID 20221007134813 -prefsHandle 1560 -prefMapHandle 1556 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d156266-c09a-4262-950b-9ca51aef824d} 944 "\\.\pipe\gecko-crash-server-pipe.944" 1572 96fc158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.2.756851628\1158009440" -childID 1 -isForBrowser -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e95dc90-8a76-4b55-8fab-0be03464e164} 944 "\\.\pipe\gecko-crash-server-pipe.944" 2132 1a595958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.3.396581553\40160389" -childID 2 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee18abd-c49f-4dc3-abd5-da9d6057f2b0} 944 "\\.\pipe\gecko-crash-server-pipe.944" 2828 1cf5cd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1312,i,11437146028805949139,13673686080452269033,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1312,i,11437146028805949139,13673686080452269033,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1296,i,12636688141876264429,5358013951952757481,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1296,i,12636688141876264429,5358013951952757481,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2040 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2656 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2700 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3032 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3328 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3584 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.4.1347121076\1752507527" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e013efbd-dc68-468d-a750-ed75d2aadf8e} 944 "\\.\pipe\gecko-crash-server-pipe.944" 3772 1c89ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.5.1461595519\1080402246" -childID 4 -isForBrowser -prefsHandle 3728 -prefMapHandle 2804 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a585480-c856-4180-a2a4-b97c15c2f08f} 944 "\\.\pipe\gecko-crash-server-pipe.944" 3896 d6cd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 --field-trial-handle=1316,i,6734698189810967181,430951952422052756,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.6.940132405\703264081" -childID 5 -isForBrowser -prefsHandle 1916 -prefMapHandle 1960 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {945ad63c-83ab-4e22-8c76-7f4d5c4b410c} 944 "\\.\pipe\gecko-crash-server-pipe.944" 2096 20bede58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.8.326056366\1172884223" -childID 7 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a549078-df20-4e5a-a2c8-de42a99ed97f} 944 "\\.\pipe\gecko-crash-server-pipe.944" 4440 20bef058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="944.7.536357707\1868605621" -childID 6 -isForBrowser -prefsHandle 4280 -prefMapHandle 4284 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b90ad379-a979-47c0-9c7a-8d46164023c8} 944 "\\.\pipe\gecko-crash-server-pipe.944" 4268 20bee158 tab

Network

Files

memory/812-0-0x0000000001140000-0x0000000001141000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B226EC41-C32D-11EE-AD90-6A1079A24C90}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B2271351-C32D-11EE-AD90-6A1079A24C90}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B226EC41-C32D-11EE-AD90-6A1079A24C90}.dat

C:\Users\Admin\AppData\Local\Temp\Cab8893.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 06efab9520d3661f40d8eee9dc6f3caf
SHA1 eff046adf4284c362ad223bf40ae76e62489bb43
SHA256 91b6bc325ed305dc2326becdcfc52d4641e25f56fb2c00d79beb21063d49d25a
SHA512 95b0c0b34418a021adbfac67b6a7203017457d7d397894a2a1d26e871a91d64614980e77b8250e383166b5cc06b8591136829cba6f6c9f06d212f819c9871a1e

C:\Users\Admin\AppData\Local\Temp\Tar8980.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 616a30a95332c5e6d92bc965de5142ad
SHA1 a5328d3636f6eafa7403a7dea4cffc0e682a86df
SHA256 88b4443682d2c65bade75c6462b6828814ede2b7573fe59e4d3ede943a28587f
SHA512 818cd90dbf482edec3089cfa7f0aabd9d88c58a90cee1432e7784e0b8e70f509f743f446dd1100d00c7a9059919260637ac29a90178a513dd8242b4c1933e6c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c1159c55ea8aa7ca0b6a2553edf818c9
SHA1 26bc95227a51980b72339052e8ff7645d90c9acd
SHA256 b1372e6b8e4b0d3b271a1e0318fd23e4901f56c98f7eb1d96e848166de41e9f1
SHA512 92c525ead0e7bbab553ba924ac948fa55c4b8692954410ae8989694127d8d2f1b8743d4d0fb9a10b402f513585515b74c17d5010b9993b705d26889d51ee25ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e484a982acdab3603013a4bf9441690
SHA1 a519904470803f25d8bd4c5db3b850cb54967b1b
SHA256 457c344e0f056c6ebe813c4c98118b5cc1863a95b80c23253c127df181f83a94
SHA512 a088859de67298d27d80bd3f8a010c3cdf7a159d7cb2a8760e0a7b3b561569195545640dc6ed5045e4b9efe972ede5970ec1aec5034674f423f2d9e2235d2e04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edf7169284ca4221219df5a65c30aa4f
SHA1 ff76788f28e4798cda99570afaf49bc26eeb186a
SHA256 467ed0af6c32a951a15e67a6f1ba19b6220b86229db28908fa0eb5d0824b4fef
SHA512 0b8ba6d7061329ae2d698c809a115fed58a040dad246b23251d06c7ee6c503dbb98588d5a18f02c5bf40c31254c69b2a81470702d86f600da7fd30209a7646d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ab50d739fd0f1dc71db8d6e9cb88033d
SHA1 fa65c0b78627f3faec40eab3956b471cdf8e502f
SHA256 abe1a60d67449674146e29a0d3073c2992ea029f9d82116550393f282b045948
SHA512 d8aa3e6f136fbe7f87591138057f756726a1f3ccabb81e5bf04ecb4dab189d49d1212a32d5dcce00437a599f05985d5da4442a45fb672ec200b2ac50ed84d41b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 eaf86001a0a438e55b04669793a6f7ec
SHA1 b0b66e693eda43f3b903f16de6bd531b58a72570
SHA256 25f544a3c6bcfa484a7c64c1a00a0d5bfa5d4d76190b0b8be697926492c8a223
SHA512 63306a0300a40f250cda7009c3a1043e69a442d355a4bf1ccdb84fa5e7c4ddd40261804172a88b9df5673dff9c758c26c39816324d4b4fece511f46a7f3994a9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 3fdfd276c3ab49826af8710fbf94cd39
SHA1 dc898c797a77f9d77a1f695ff5c44bd9990d3977
SHA256 79422e4c2ef1994fbf0be628d682551212d081fa877e550bb76c79888365cac9
SHA512 856c793dcd557627bb84a2e1c0beae20dd96df3692b2a00a6b88abb1adb7254fe9b8786d8eed9fccc654c9bd63e0f8004f60f3838377864797bdd0e3767c81e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 1e518bdc04ce05e62ace8061fef82198
SHA1 09effe35933d796f29adafe58333ac389d43b778
SHA256 8656d23f158be1fad860ee1da925ba755fa4166852893a160af1800d0a9b4e60
SHA512 c9c90333d212e3897f282ce695b27aaf2fb55afb3f87a2e89357936e5cedeae0493d20ee6b38b445d236167b205f9a619eccc9ae43ae0555b6d08c1332b014f7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P2RJ3MLJ.txt

MD5 2b609db0e08131df6a51fc0fe4356a9c
SHA1 ba0f624ca029c763ca75c1caf161ecdf9b6f00ef
SHA256 651b3f28b32044f143567a962b299f8d268b3a8e3d5540960577404aebe01f3f
SHA512 bf6b38c93b5b478bf78f181e85f4b9a10fdaf69069f69401d902c2c1be5415bc17f5a1f1fe9710f5f17ccf0ff51d59cc94c620e69a0e9ad210abf2e46400da7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 c22c6234f33e441226eabfa9cc597b5b
SHA1 3e3a6e76ff9c68aef15b898e88600f03b1041ae4
SHA256 c37e0872d27792fd24bfd4d98f51038a9f49358349d1f427149c6bca79f10eac
SHA512 9f4c944e08148af58e8b44e9723707c768d2287d1a2c4f5f65e50764febfb60a6ecd6ee06371fe48793be75d6afd274cb4445e37fb758b9aa7d7ac7fd84f1cc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 92338026ee75448d792e8bc7ef870e68
SHA1 2b774bc3a61e70e83322fa3c2499aa5a00b56136
SHA256 2d38cf29831e7680a5e0d568d2ad67bcfa22f4edefcd6b1ca25a1acc417bf176
SHA512 5b9625e3d147a06d3663b23f96297c8af3589cd6cf3c50bcf24cd9f45fb1b48730fdb9717d6ccd3b89c4407c6c51150a34de9c03864eaf3f7bc8204265e379f2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 8f7bf09768d3d84a6ca44d3e8cd72228
SHA1 88f58b96b43225b995929c50c99b21c096752f64
SHA256 8ad972bd0d7463d355e8e9e6969a1f01f331d42ef7e1538cf7f33d45559aefdd
SHA512 e663f03ddc0c3e418b8d249abf3546f4c022eeefdb9ada48dc74607748bb37a5ec78ca528ab27def687c3c1005ca71a5a120e89634017f6ddd00b92ea2d3b639

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57d22d500500b700a4c9681564763e2b
SHA1 ca41927d6f8764d1a92e1879b07152a3dcfb78b0
SHA256 ece07da9a9671ef8c72328c13b3f7d2b64c98fa8860b9ac5bf6dbcdead73f6b0
SHA512 3e36dc579290b3f3b5f8d5c88bc0e789bafbff035f808e4abdbe769269a86293a9277ae06cb13c6dd326537219ed4c67ad83c9abc2432d753047c0500a5cb515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0360ede1d2ee99f0bb0631e842236675
SHA1 5ccb052fff9593b0345540fa4a4efccaea20d19d
SHA256 936755dc4ce8f76a7ddaaf2530497715cf805cccd9899e7083b5edc32fc7489c
SHA512 17e2471f1f64719173bf20bcf792880747104c781057b660a787ee20b7f7544a96f62b8d5c2a869cb8bc28beac6d91a5e16b9f6f85283e07874caff4f6dedd31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b35fb47f57c6e2388020aeec787fb0de
SHA1 146a09e95274f4fa0eca9116c04e6f67b0745f8c
SHA256 b9949197a448aeb1918db9b051457611addab28ad734fef1c9755f393dc98b27
SHA512 902e6da8e4ba296568ce38e517e589517ca94708196733e7775c038a672560769abed348af1f93d194092b1d72318a9e7f1bdc7976a8ce1260ee052b3eb60c0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b58e990ca865da4624cde35606a34faf
SHA1 369057cb03c3d89344320b465538c0b86cbab3d1
SHA256 06a96152ae1b0fe86af67f8ddfed94f523ddbc94bfa74bf201b608bd01965658
SHA512 fda3802adaa8497d1cc82a5ff8fdab117c405c5c6b698fe42a77bf3988620fa7716ac9030adfb6f05c7073064577ea9173297acfa2819b4042c6d2a0d00957d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 170b8b110538726ac8d46d888f761669
SHA1 a0aad3ea6176680a4e4dc449410f5dacaf3554ed
SHA256 711984356b9499d19c1dd757e0d0e55d9e28e49e9a3bfb315ffa882e660db97b
SHA512 caada2627a935673fe8ab262ba32373ca6c681a16c20620764e35f0bcea846044570501e8ff7b8ea94433da44ae641ea7e2c397c64b281e50f0f53ad90327451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1baa8e6d7cf677c03289eec830070b97
SHA1 20c6be7054de63639d4b37d0a1f3493fbc12f98e
SHA256 a55334d02c5c6b8ec25c51cfd598a277bf7801d49fbdcfa9c9b6726bfacb6e2a
SHA512 54eaacec2ff8be9ef7f4937c797566c93da17edbed8058c4ec99d3837d40710cde3cd69768fa68821086d0e15d8715c093ccffc6c2167131372dc61ed0544826

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 345ef4bfc301a57184039e8136af9e44
SHA1 e82f58d8fe7dca6a26abbf76f808abee3ea7790f
SHA256 beadb6bf89917404d905df51f7edd6abe4507c20859cd4b4dc7b6bfa621cbb08
SHA512 c0370a5be6decd10f862347c2f939003d0daec385fdd155f35b75f3e122083fd7a4749b58824f94f79d228ca362823fd569cb6815ddf73cedb7f7120bf7bbe6c

memory/812-775-0x0000000001140000-0x0000000001141000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6ceed0c88ffab51ae4b831f53ba82b6a
SHA1 3f6500fa70a8f4fa4506551868ba008b23e3d6e4
SHA256 6efbe2390fb6d125e1d4d26f2c4ac6f9130a3dfbff7da0e60f31a9e11d697ef9
SHA512 0bd942ee8e7ca33fff6611e6658001480b707137cac3932ef73de61912caa26eea6479aeb64f9b87eaf306c3dbcabd07d1528b16e11524dec4b3dba7e3c2b2ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

MD5 7bdc9d8cb6f8f1fc65cb3feaeb5fbfad
SHA1 c409628274cde7b28b9972fe96e2bd1fa786a155
SHA256 3d69a356f38b2a0ef2f488e71729d0dbe37b726c8b570394c38b472c75333f81
SHA512 7c1289719056f18f3bc71860b38ee83cfacd3d377cff4a63f7af9c6be379b619f4bcb9ad551db0b7438f2e28eabe0891f3a2bd7d614aef18509b2e9518e257cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\9c537181-d365-45f1-91f2-06c6e4c06110

MD5 043a43f0796a08117f71853869c72449
SHA1 c193e215623578e19f8fddcda5da0b87bdd87891
SHA256 a17d21e10654043d9c45b8d100d29413dfd66bae2cf78a680b81388ae961dc9f
SHA512 d6124ee258503f96f4263672af4cb1c96cbcbbfe8283eb972102f456d876726826bfb63053181857a83f2134dd75643e234dd6a7e76dc2b2015392e899c5377d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\9583eb03-e625-4311-af0c-91a38e684f79

MD5 e5d86db1d17556474c6d1e9400dd7302
SHA1 610b74022f3af820217f96ff7fb9b03c5c9b659e
SHA256 88f0ccfad160d384f4d8e4c6427653229a2319ef0c2fe462a8ca1db01badf494
SHA512 0b5377e0d5826d637d3598f26a408ff0ab407850941774c01328fa5f901626019e488ba8745e72e83c8773f625253fe62e163e6eaba0fe03f30f3cde3803ec07

\??\pipe\crashpad_1584_YEUGTOOJHEHEHBDQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 fbcb63ddaccb9f2deb0ad35ad7052fdf
SHA1 c0b684431b3ee3af245112fd6a9dd3256c10f537
SHA256 497126f191cdb63a919733f900cc549ca224056e297851629527bb37faee9c31
SHA512 7694ccdefffd9efd7a90714be87d7757ebe5b6227fc335de766a8ebeecebdbe607a2abd6ac469ebc157e899a47fbca6fa688dd89563b87bd51bcb283e565784c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e44b8551cd62c3db9c3f3da94c2833ff
SHA1 a5aabe9fe279b5f8d0aab9cac6b52c578fdd42c9
SHA256 4fe5b74ac704e034a7b0e23ac9d9a1ce76b1336e2935c72c56d0e34ab5d30067
SHA512 6216b661fe029588b00a2a65bca87076a082b7d930cbb29384ee1d688a8ee53064a43d470a51c1fea9c81cc2f2b53c8a7f77ed80da19d17dc5a2ebc2fc3b44c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2235433dc64eff5791221be5825cbe97
SHA1 a53596c5af0e63faa1f5d5f8456f876a1b3c57d6
SHA256 02a9eec32794b52fa88ba756344a965e1fea03f481995d71da02fa6315bc07b7
SHA512 f1cde8764fca8c649996cb3139eaf9f2553593759437f25b242ace02e982f87fd16bfd92ea74c23958c8ce69f0db9a0034fdbe0f2d1513eec215ea0c2348a1d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 88bdde46c4da945f32862d2ef819ccb3
SHA1 788d67960cbb5db9ef5669e355dc1bd409dc2b13
SHA256 3f0ebee649752e9bf662c66ec7dea5178cdb4681aa71344c2fb2a121a70490c5
SHA512 b21265962b3fc7cf2d199aa1cbf94e7f7394bb60d150295b4cbd630d9e7c803154c11e85cece4fca61b22b613351cf670b338f657abb6cdbd656d00b86980f17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 2717e2c2a07ef782e2aab4060e0c39e1
SHA1 baad4537efe551890c8db2d2a8cc3388dfdc83e8
SHA256 4e0fdd982b6e143862c85607c865357277b73a380ed0d9b991dd6caf37fda4df
SHA512 738caf9718529cde9b9d74b51fe8130f36334d491f79c16c28bab9f8eb3155cb19867c3fb400c6a3ee71a254b8fcae504b86c3d6a2d93f5a89f2f8d31c95d517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_532C75D1712657719080E16ACE23E930

MD5 3b64f0d8ac62e00132938141fd2a7e36
SHA1 a831c3fefb00465f61a16630c8bb1ce139f03872
SHA256 7014ddec6aa2a45bc44e922e2c96933e93570e344a729d53aa5b6e48691d114c
SHA512 b172d2fc0a0a85f1daeead9e6db3c3d4488ced078f95fb19757e50ce36658cfd31b2107a21bc6839fcb6dc64bfae266f8e46b4c5bccd2d6ef57da901669f7e80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_532C75D1712657719080E16ACE23E930

MD5 21aef8bbd2ddf1ffc3bfede5ee7e902a
SHA1 64d5cd132589dd8bb2acd4e64b669aafeb021ae6
SHA256 dea7c615a137f629eb280ac65a12167237be98cdd4c9b2626d2c1b45a4015f98
SHA512 d22b2baa25110569df6499d29128cdb94e72785434a38f5eba273dc9d8194d3f6c7d4b95082d0734aff021860d9ddc3bad96195a4a1c083888bf7b6556cecc55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 76cdd5021dce67685a93a915847f5a33
SHA1 302dcfc6b3ba349d85e988090b9eee73c4ce5a71
SHA256 d932e45434943f320f3657b8e43bdec5d86690317e412682e13cfcf25362efe6
SHA512 36fb9125ead5e934f0e91255c9276c749ffd97274b2ef4a96dab2ed497aced99587dcc2a5aab8d53238207ab73cde78b0ec6cd024c88f7c7363e51e9d7f29ddb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 3d85cc9cfda9ec016ed757c5ea5f499a
SHA1 72732df597e69f1a11a8a54f58a59692eef4f30a
SHA256 8b8884da034721fa6b13a1ca03811d2adcf4a6b71045033687065bdceca744ec
SHA512 a57c3936ccb01b1019cbccaa7ae2c6db762a3510ef31fce4b5605c168789758e0c521283bd4a899f6d1854d40d0a6b4cfb5c24356dcba43f5a5da01b4c2f7601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 be00faca056e42d713c4b9ada4fbc8fc
SHA1 b34e7bfcb8a473a59bd585ec2b3a708e4cbd5270
SHA256 9fbc1ee6e116726022ca9310263b8c09987c6a7c738a98cee9a44186a1f51291
SHA512 03e612ba61b35adb610da9de6053f017c45828018bed8842cd40c61b0d2b3c5e5dd396bc71f3a06dd139a120fb1f271d45ace81ea1808097ca74d5de82ffbc6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 19be8fda4eb91b2b3fd5175a0ac55679
SHA1 b6948b0497a2e6e5231b2cb2d87c91e0a7d21804
SHA256 d07b6f4e6a032b7ffdfee443424903627547707d4efd9d7ccf459e07288281de
SHA512 c79a662e79a0b8532a180f31925d09b85833d4da69f5f6614f0dabf8174579da12c63dc6774b32b8d858b450311f1fa3bf7b33936d52b44a354587f7cb63a210

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 c7c3973019d1582e7aa12e3a6812880a
SHA1 2aadbdc2efaf542cb7bc1825908e72594465a5a3
SHA256 e59fc495b3c016a658c44637af0c3acbe5492214f398eb6f8535bf2122f4b65f
SHA512 d45617da73454e5070a71251baa24eee3dd24cff3471aa327af94630dc9b2ff31a8d77d5177cc81d453c81aa2c07eed09511a7a30654a313f0429079544e2242

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f3a1ca84a82680ae9691ac747a48fe0c
SHA1 277cdeb7183c2048abba8c5ddd13614e41121a09
SHA256 5565ca7c39faf987a61e1cefa436f5f24c2581ab7ef3cdea4df54fd5215014fd
SHA512 17faaaec8bbad670d64dc919b11164260912d6b4edad6c371e16914547620258fa9fcbb3ff294135800d4afc3c7f59d8bc626ffa8c3e24e3ef40a8912e744a79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 fee2312c926de1080d6d28ca0a5c70b4
SHA1 f8d2ddb02fecb5562a935ca1541ee3d915f4daf1
SHA256 60284c4f6a8e7c6feea5dcc6f6d7604b04851c591933d6e1abffba2709165d75
SHA512 4294264292308fadf40481d28654d05844283c559d7df34a3dce3026ee89abd368bb78c3e933af0951c8a6fdf2d1d17c50470110ba94c7730bac20bdba7d4a3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b1fdc9af48a043e14e0943164cb33d03
SHA1 44a3d78073a52218b7847d31cc976627614666f6
SHA256 f50d78ed6bd8af7b4bef4cf32c0ceb917dce6a6caede6bf9e4cc464bc3ff9b8f
SHA512 040d10df563c0964cd88b19bb35419e6fb47e59c1bd3e6ea9b60e4edc590a0b3a815dd0ed5120ffd6fb90b8995af7f57479e80513b2a0fd2150a467c2c8c26f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 139a0da8a93c7785571402562da550b7
SHA1 271aed25e9b0efdfb7547f3b36db568edea26462
SHA256 e28666bc42237dd654dd4c3e10c785032a8aa129889836a04ca29ffe39e96347
SHA512 c2b2e25b55d96c6cae2dee016bde3300405f73e38abcd1b74f98c1ef333cc497f8a72f319a06ffb965b74740c9509b1a2c73c42dcd8071fff5cff13a3c4266d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 02fd8b8fed6d0f1a74429c5032e3cb34
SHA1 de5b70e3bd8742a2d4097269834c28f0c4ef9254
SHA256 fbf96cf40931e5ea04c06973b0b441cfaf2e4fa7de0a9fdb301e2dface42a366
SHA512 bcd09dfd51fbd5174cad23cc9548c0e3594c9d45896b3fa79757d8cd71cdce0834854f3509d28a676f3fb8c5e91ce3d4182b17ab96c7efe3d24f678f71ea0172

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 75ecf961663c02c6c09d390a6b91260f
SHA1 1bb5f9fb9a124b0d2ce6b8f19c743f8973f60145
SHA256 caed00bf960681aaec949b38ea5fbd4e3e0068aba6552600be13c20a998965cf
SHA512 d13c1c0fce66b7167766876fe6a8a7e1c0b37fcfdc70d6d7f6195851249d703bef27892354a044a43a1be818ed4d4a1b124c8efac55c9a8a4264f6b39cc9ccf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2ac114fc7a481fd7c985e318d2096fee
SHA1 a1479255299d4bf67c8dba6850f68c2ca15d7dfe
SHA256 61b44a76a015f8271d1f05ac793d304cb649ba5da19a1e353a7659347d3186fb
SHA512 3135195c5a9fcbbf8af8f94625a340191374923cee7dda97403c291a8dd733641e61c80f7bcff5979c777ac978b6bd2a022e1f48a62aacbb53b36e2dd9326fb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e576efbef97ed46afb5c5ad39b0c48d
SHA1 cb8d4c238cd4e35d3da54b5c7fdea42bf97d1fd7
SHA256 1b1322d40a104e367383e593e1277741fa1e43dda3a0538f8176350cdeff6afe
SHA512 1deb9e794c879bf8507d94d6bf3989b4cbe4e7e1afdc106f6c62aa88cead1b327f4d03886cf24d4a45acc4d5d8d26e7d546548cab9d22deb38895d20ab801e61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99af9a468b26df5502990167d65fb1bf
SHA1 84618f88a0e5dffaa79508c9b5832a3c20654f69
SHA256 a93ed8e019e18a72971f44f152bcca7c304a4f0bf6748af3eecd92c5fa3894c1
SHA512 c85c835d60afaf3d6cb046a1facb562fa8a088e07e0495736e81c8dcb78a97e8a80bc98f170a6b5d20c6f3d2bb5b55dcb870d0b9a36a4cfd56b1aff0f14dab12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2109227e84f8fdda38e116975aa261ed
SHA1 a914144f3b34fee33e0c3c70fc8ffc6d7a5a0f52
SHA256 747a63ddbc0c79b419e404f4e634536723010a68eb89e73fe0566ecf1f8d6beb
SHA512 612495a826e3c3a598d519cee494f551019657d242bc1353c3ed73edb215a3e54ded3164dc55b8af305b2646b3a2bde2f519a2ee187b67551c40e5a96e5429dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 625c236a15958b5998e1c2b54a346725
SHA1 1ec1695af172475b51daf667b371e5a686cd33f9
SHA256 eea8a6131b5ee8ff1c7e9ad3a478ad5644f171313119b5cb380048237fc3d1f6
SHA512 3a2fc02a3c25087e9d3934513f96e4afd276ba6b8fa1cd987b8d4659a1597b9c70db55483bc57a5a0e09380c8eb2475f71fb8e800268581025d7f444058658cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 dfcf51b68b707ea0d8e1f9be24921899
SHA1 cfb7aecc01e7b4e41c57976c7b44dc3c47cec691
SHA256 eb81cfc1ed17c07cc30b5e5a249d766d1a2d68794ecbaa2217f83784a7bb6815
SHA512 e23baa4a76c0335c86576a9c84c528cbb17bba9b6f6a0ee802f177d78903821a592a5ca1a8aa7e9f9817eddcd5c477f0c605c30f63ace87b14b3c5a644c6e8c4

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4173061be01ebecb845ec44ce0703c8f
SHA1 fe828f050891cee6aaa133bf92b15eb77db7ba23
SHA256 b1c0273f1e8bdd5d96118cd5ffd4291a9ada3af7199f6aef697218b8c90e5de3
SHA512 588a143e121a25fd6ba73c53c8737d490763af3c8b8c485b426f7497b9e4645ac873584f64e1101bfe75847b174a77ded791178bfaa177f44cdb061641a73ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9a943145315d5064fd89c04e85ca6e1d
SHA1 f15b3467dc0d32a42b78098c91e4d0411a34eb4a
SHA256 248f2a9824c437353fe7be5c1534f1dd672d3cdd4e49cc936c7412712efc654a
SHA512 21f2de8f4ab6070ecfa547568fecfb8608b9fb64e7b7224637a783e9012fdcd64cc861b52247ac3cd79162be6b8798dbffc67cbed24e58c33fe8dbdd0e0ab48b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0d0b62dfcfff2998de50f94bb9e6067
SHA1 ba30f7d8e9e72f1c88ef4e3cf7083485f4d7b941
SHA256 12f17645ab8a4b51a6f29aff8e33e43ee69354eb0ea45e7719ad2412ad9189f8
SHA512 423e036af0783a2307e807eff8a8571df631a8d66e68af33e54d8fe6b78e7f904af3372aad2a738433b7734ad32dfa7250f8e70d727ee06a0b9b4e92fd1c94dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9af95ce6-1764-4a9a-8975-ea34485f555a.tmp

MD5 6928001ce43988674920f87691c1f84b
SHA1 2aa5a444a7e6c29c3c51fb1fff237f278148a91d
SHA256 7ff0743aa4384b902ef9f30b61e0a87b7d06b01e73eafb3a859caf3be6532a5f
SHA512 0ebdc140fc29a20458d293e0d8fad777f9123889a34b3bcbf964de14005cae8dbb2c33f18753aa98689dc2911ee774ce436dfab42682f0d9d9888ef898b04c3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd1c1f7a51df2831b7aedee9206cdb0a
SHA1 c5cc06f9d9637cd36243dbe3b5b7592dfc97cd1a
SHA256 d31e99f87595cbd797270d2c5eead98c4faaa548191e918a769ac2f13a56644d
SHA512 842d29952eb48566c11f35e0da195fde2e61f0ede6e76700d7e92b8c14db12f9b6d2d725accc644b002de3be404ea2aa3e68c8f1b6e1c79fc41a38c21cab19c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 377ff2bffb3cf191ccd5d738ff97e921
SHA1 1ea33436cdea603bcb618cc0ad3c0cea7cced2a7
SHA256 fa08d3f47720bce82f9b95bca9e1dca8a2f8e4a191d954f874d0970eba0a8561
SHA512 ab3ce8cd837beb3dee6c255df948f53bbb996938d3bf6fa1a96e391a04191236cadd80c44abd87db8913ea8895bb713d113d2cf2103b7ea5d5f935f0855571a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25ba4c8a6c685724a64f16be3663e716
SHA1 65f07d4acd12221d8281ec1cbf2f068b9e442b7d
SHA256 e4df9a7f158a0c5f7c33e8d000e8566738e54abc119f0915aafcc9d6c6a0258d
SHA512 338bdcd93800eb4751e57484a803b729bacfbfd809617f152c57994acbb7210589945714e8132dd62279618e0342bf9cac74b3047bbf10a1004ba8fed6be16a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25a4cbed47c6c6976066f1e05ee1717c
SHA1 6501e1d4df55743e8b4cdae44e9fa13b515d521e
SHA256 ea2433dc954f40022b872dd7ce0582110a523aebb51625cb2383092589ac1364
SHA512 6d393c331243382fd4ac514e797d6a841a1115456442acd86c9ae4c41d84738f21b0c3ddf89d0f5382558835f3f2591dad1eebcf22c6d7ef2ef63691390e55bf

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-04 07:19

Reported

2024-02-04 07:21

Platform

win10v2004-20231215-en

Max time kernel

157s

Max time network

169s

Command Line

"C:\Users\Admin\AppData\Local\Temp\no.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\no.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{41FF5CCE-2FDA-4551-81D7-00CE503A61A5} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\no.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\no.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3052 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3052 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2732 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3052 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\no.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1864 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4724 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1864 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1864 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1864 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\no.exe

"C:\Users\Admin\AppData\Local\Temp\no.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14825147043565392268,17662157493239158323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14825147043565392268,17662157493239158323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921e846f8,0x7ff921e84708,0x7ff921e84718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff911759758,0x7ff911759768,0x7ff911759778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff911759758,0x7ff911759768,0x7ff911759778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911759758,0x7ff911759768,0x7ff911759778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3410085830043647449,1647674340307139004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3410085830043647449,1647674340307139004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.0.492157709\1858284241" -parentBuildID 20221007134813 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42d6d5ef-c386-4792-bad2-72ca010cd49c} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 1908 1ead50d9e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.1.1164263012\16547661" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c8f2f-9183-4822-aa6e-adb9a33f4be6} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 2352 1ead4def258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.2.840655925\679147533" -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3332 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f0a7fef-856c-495b-9f86-c2b285fcc5b8} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3348 1ead505ae58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1900,i,9477442802522394485,774840318653450925,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1900,i,9477442802522394485,774840318653450925,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3868 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1940,i,8635259038430908602,3736511944079544443,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1940,i,8635259038430908602,3736511944079544443,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4680 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.3.1332138739\681216227" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3172 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c1c786a-ed73-4ed8-bfcd-cef845f43334} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3520 1ead912dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.4.547831258\1754566885" -childID 3 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1736db3b-ed61-4f4a-a5b1-298c79fb8227} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3528 1ead912b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.5.214207853\1585992499" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3544 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b58345f-28e5-4b8d-a3f9-8f9738c0f946} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3868 1ead912c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.6.512417878\1158981798" -childID 5 -isForBrowser -prefsHandle 4204 -prefMapHandle 4200 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4046416-352d-455f-aa7a-bec7ec070820} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4212 1ead75fe558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.7.1381901166\1602206184" -childID 6 -isForBrowser -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eaaa5bb-d85a-49a7-a9e8-1a56375a11b5} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4752 1eada58cc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1748 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4275618741317797543,7870065984622738066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4632 --field-trial-handle=1972,i,3585903769702454318,14212824759674962346,131072 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b810b01c5f47e2b44bbdd46d6b9571de
SHA1 8e3d866cf56193ca92a9b74d1c0e4520b5a74fdc
SHA256 d1100cf9e4db12cc60cce6e0e2e3d9697e762c219f6068eb55a1390777bf4b45
SHA512 6bbf900b2f7614dd17aa6d5febe3ad1100851e2309ba2cd5219c5aa5af7bf830eec2cc88071d37987aa7e3f527b8df5b2d85e8b21b18fcb071baaab1a2eadae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 efc9c7501d0a6db520763baad1e05ce8
SHA1 60b5e190124b54ff7234bb2e36071d9c8db8545f
SHA256 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512 bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

\??\pipe\LOCAL\crashpad_1864_MLHPLEAADPEZECGA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b46d45bac27199917fb549afe6896381
SHA1 fdcc9792089a1716af98854e0ead530b3cbdd24d
SHA256 73ea1897f3ac64752ba9287cdc285925952ccde46a6162a5f98693663d13c55c
SHA512 2ca5b899160a6a46e14ef41c15e4e8b7e335c4ba40756cd1ff18941682f4b45c0c7b2573891a6f08ff50ad0d8c58942aa3342af6eb75ba4682e991a5ac2833dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8ae25b226e0662d256cdb32f2777f840
SHA1 39594f82a6dd98b6e4a341648cd56e9efc6aa16e
SHA256 935b4cba7114f9adb0c7ae6acbc8903ec672ae318ac63c5d5e5edf857b4db207
SHA512 e529649b71c7a7fccaabc2833af3cbfc9bb15b66cc5735fc95a2bd741c502bd11af05853946d045a49d823e3f6899523d050fe7d33c485af5abccc8e2ca02e8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9ed6b862e12efde756b9ffc242a7135
SHA1 f8a7ca044a0a83e5535eb2695273398e957520a3
SHA256 47aaa1702e693168f7387905ab5560f42938d439a455e4fa198b2988c1c98575
SHA512 41faaa66f40abfdd3b4ba0620775322a7c43ccb37fcc876a9b024680bb787dcf2f632ae52363617ccc527777d43338181909c3f1c20bf02e18e6bbeea534bfbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4eefe5b0516785a493219bec3984d7cf
SHA1 ce38dbd2816a566b538a2a4ab7b7ad98d41e8207
SHA256 c0117c410f1cadaedc20e54684304e08e5b683a9161f3fb9cf05ca186d869435
SHA512 e64dc9a0605d7343cce1e347f2b9acb89255d175b3cdbe179587b1c2db472d5044b2d31d4c32440f054a641160c424572c4199b4c748b6ae15ee174ab7ae0826

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 faeb8e911eea0d311843c4c36f556506
SHA1 ea24ae7e476e3f1e02f567af0b64e3a2d4051040
SHA256 ab549bcbabe53e87e2cb90f25b6d93725c0c964931c9d2b566bfecbdafcf73aa
SHA512 617844f347616bc34b4c294b2fb8da716bc70c8b5d01bd0fc3dfedd416aa6f060daff229907c8e09c49b1d49e89d30df1ae5d09b9b2acae83783fd6f32144ae1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bba20426d041223a8145765e971fed58
SHA1 efc881b59b5b34f392feb8d7aed53e4429f9aab7
SHA256 bdaa110a19fd748a92a93be3a50b456644a7a9c66b3fbcd90ad819357d646ce6
SHA512 05e203a1390ffa2831c523bd185de0187daebc01473f42f42d24de620836c4bd06d0b2e11a014d9f3da56fea8348a8774eebca16cbc7f1d604ab57da9805b177

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

MD5 ba8f1fc3bc34ff3f55826b1abf4d72b9
SHA1 0379de2ed6b8f27a01cb23cfac6325329c55ead9
SHA256 aabc56727b7af5ccc729588ad62576dfeb4c941195fdf582f345cc7602d29e57
SHA512 c33b9c35a1110e818b83ffcd74421e9dd32f246a9276d6f70bd6739b05bc9ddfc86d3689ce29e84ba4467c35fe4c722cdeacb59f612f6f0219fe140a0505a373

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\379485f7-c78d-4013-9361-86cca8595735

MD5 1dd1063aacd9938b7602c9c656703c7d
SHA1 0f10a8fab3bdafe17ddd5af2003147640bf6f388
SHA256 48469a04b63b9ee96854be21998e6078563694ad21658341541a59daa6be0adb
SHA512 952da59a61b19d35324f6a92a91678fa746824922f016261af7c0222e48cb51369d6acad8eb30e4a111d421c31fccdc0468e265220ce73820e7c149d6262dcac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

MD5 166eb80ea265b0cc3d3a88281a6292bb
SHA1 0f322171d143e9bb0f88a412f183a1b2ed68356e
SHA256 71263a3c8088475ff6ad2311b01682ff459e33abaa8883f1a973a992feb65d99
SHA512 fbccccacda3bd11ca3eefe80c754e0ebce10c379058ae5a93a691b295b10c0f7d913a5f4a7592fa974d207728f47e56f4e068c0914c86ec63e20e128454efe6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\b87dda7c-4a24-4463-aa8a-6af1fc2e4947

MD5 5b090d0e77f56cb7c65f0101e623be0a
SHA1 e73f5b1c27003c6f526a9a4aaa0df693669afdab
SHA256 92672ea2ff252692e9919b94202f9926a0ebb65eca232f3932752de9986a2cc0
SHA512 c828031adff9db40ea085d9f57cc7046cde090cd0b45f7908695ca3e80019f8999f5735133a2934c505a693314ef310e1579968b7755ec47859b7c5c3b6c2a7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 098b66d2470364f17fba6d3e2703c808
SHA1 f0642024b6c727329d895da2c2b4bbaa6837514b
SHA256 29531bcb858dbc0128adb92c6fd28e50482523ffb10aacd9323628e87b744a4d
SHA512 51f68ec2566e2d9f12664a52ad2244c6d7f23bfa992095c6d01aa2ec0ea8cf261a7842cea9d364a82dd94e41c47e3f9b9ba58e820f3f79786a8c85a2db8d354b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 6209201d8c7f9dc60bb5f2e02f8da2d4
SHA1 e6898dfc1ba34ecd5e5b36f05f2c17cb455594b4
SHA256 898c755b54f9e6cffee0a97b5c54f200f17f3462a54add5a918437a014836b7a
SHA512 dfab9e3b8a6501a7ee9985211db442ae45ec4853250914beff8f5e55bc09c04b49559728d3a2593bde17704cd00e355045516ec09fd35e135063f5388f149aa5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 03cb3706ce7c77c1f451cd3c6ce684eb
SHA1 3cf9c3f81495c01fb0d87ee0571ccd6a38af2c33
SHA256 3edc7cbb625b946e9e44bda0cacba231aad6f1f06b92f7159a0c933022b52df8
SHA512 ff23b07726101495bab88d8094673948482126fd171f94bc710cb5b7bcc643eae39c8af528a49be3ec7a84b459a3916bf7994783fd3c89dd630ce99e51e23721

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 32285f43af25cf830ab6440997697e09
SHA1 7efbb132a52d29f46877487f4dd576ace33711b4
SHA256 540030c006ecd189f2853246fb959691cc6d3df5c4634689d07e5df6a6c97f56
SHA512 7bee6e1d00e16821e52f3d85af8bd3f6fc39a92563329ee56e64953fd94696d5931f26948dbea99161a0a3a2f0c080750eed86e7a6f7b84fac06c0494cac675f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

MD5 045e8c9323af7516b49f7acf8700f5a5
SHA1 91895ee88112bad1d421512bb5abedd9198e748e
SHA256 7ff9c646cc2490981a1254ef7bf08993a594944575b4eba7168141ea863ec1df
SHA512 cf1a78d29f6aed2616d52078c1ebd56f8bd2840330d492d7aa75c732726d7097b1e3a8668a2f4ec18c701ea559def2eeae0fe8ff7c2f6dccec3d93283adb461c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 a88360a6ee6a2881c1d77ea69477d764
SHA1 0e2b34a4f597de53e101a28d74a0aae923a401b7
SHA256 b0cb288244a2ebb4881e51681ebb4ace0e7c19537f237408945c0e8b1ba6329b
SHA512 26651c54b0557515cff348f49bf5fdb2f8d6c1b687d41bb6480e6b11f393ad2be7384b91af132e07470cfe16f4b07af7f33f0adb78f464ee95f572cb9b9cdc31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c563e51dfbaa912d03916bacd026fdae
SHA1 7d72452bbd60caa2d5a135e567010a997440d26d
SHA256 39b7133f6e5bb0be1d70ccf41b9e876d3265897ecc00ccaa59efad2cc0f1edaf
SHA512 a6d79a93d0682fc8a4329cbe36e858aa8744c92e9670d9cb415413adfbef2dd763a97f4bc07ac0e239809094cf7feefcebb97cd64e384c01c815283ecb78da3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e26e0accf2dde6974207ed24a5f07b0
SHA1 4b2fb3a82dc05135e587a435acabb9455586a8d0
SHA256 15152e9f3f599454fb55fe5c3910cad423118521afb6f5f76e9aee2a42155872
SHA512 0e7ed1e98b3096bf970a2b6a205bca3f909401f48663bd1f6b2ebdf4d9d03b9676b7330dcb8bea669b7b027d52e0d0f62dc4d555ce4129fbe0829cb130bd4611

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 121510c1483c9de9fdb590c20526ec0a
SHA1 96443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256 cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512 b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c77135b7977ef34a7237f3fcf8f3cb6e
SHA1 3cee565214842994526cf2ae48f184d48e3da782
SHA256 5b731e16157d0f99c76babb90cf4142e55b525d0377cef0a67ad56c91d7b5d6e
SHA512 319cde927e5ed005df9c26be2e02402c986811cf003537fa3b99a6d8caefb82c75e2497f597612ae21b54a2aa40ac2a53c63083e3afdbb7501931cb444b095c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a00744d3b6efc98117c397da7a3d5a25
SHA1 b107fb9653851b74bbba1e978c1e7865dcb60596
SHA256 27550a66907642702e893b286da6ccc12f8db470444ca52e803bd350c87860db
SHA512 19617f6c5482d0a7ebe47c3f60ac9d9032d8685462ec815ca8281e34c26170127dab1ef7a3c426cea2e286c1288c9bb7489f08c78ad618496408507922e41eb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 659c69d3b4495531097400a41bd72803
SHA1 4a250e429d700a321c2e92ae1339e3e57aef2e01
SHA256 737e4fae5494d85eef37ea3430bb7200ffe493508423662fcc18060daa0ae06a
SHA512 b13e1338a66f0c75975591bc85dfe8266549b60206e0879043f49fa94908c5d6c87095a9bd6b2c29a9bb64103d8f44733022f031d4a2292d6695fa58106660ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 0f25e9ae7693dcac68f70df214f0b832
SHA1 9948336ae2575e5017a88dd366b124338bfa38dc
SHA256 a3e80d6724cad3988c3a7af5a2dbf6a2987aa2ff12acd23502e22d0b537fb448
SHA512 099f2f3d1f77654a1943d6b4b5eb2178f7db9eec968806789aecebf889b608feb20d1cd27dc9743bb9daabf8433c89bb7a1d0d1e43d286b46e381a05958ef3d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 353e3ebfe39e0a8d8a3e82a613dcc25d
SHA1 3f73da4be216e921c4247bd07608de31b3c97fd7
SHA256 9cb48b98dcb64839c8a55a19150ed24a8324debc0dc5c0ca31831464e278f150
SHA512 a84859cfb2c9298424bc8220af38787e46fdba075e7cec8df410267a24d48d640fafe931b6f9a7c7e092f5df2bb51dfef7b39a25211dc5b620e7e5c24185f44f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58747f.TMP

MD5 3bd809f02eeb18fdcfa8f3b90d8e5cb0
SHA1 b6df85e12ce8a1a8c7e6a6bfa022a843a4df3153
SHA256 af63adf80b9d83ee9dbc16467a4f1deeef5a6a40fffd4dc92bf2742a9ad84ea6
SHA512 55719d79ecabcf5b33580be277f8af8121e5646f9a3acbabc4ae66fd3bf56d873cc91b975544376c638947bd1e1c6be29c7bdc308cb85a1de860c91f2f22f88a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4a7e997-7c1c-4fbd-9a9f-222240c2d4d7.tmp

MD5 9cc6a02421e10b9f1935e61aceda05fe
SHA1 fd95c929105e23aa92e6295081e2768e4cb97840
SHA256 ff71a96ec8c6e9a70b1a7dfe6565ff47798295d13cf0aa0d44b456ca75552b81
SHA512 f3666885ae36e1f1adecb3fab02c5c65d6153035070c1c5dceb17d07b18b741c04beaca88ae9cf9d2948d7bc3bb1edd1e919d10863010ad9bfc9518768629795

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 6fbacab6ab658d4bd4b7cf05246ee4ac
SHA1 3f18690a9c4d204180c2eb898b8ed17feabefb52
SHA256 4330e722b8bf45f9248622ca985f59547809bf5f44a787c6817c4107878c6046
SHA512 e8fbcd898270d03d29cb00951830f9242ec48dafb0f99097a87c02a8597886647ae80fccaf3c784f520c0a6683e04dc159eafdf8d2025fa0a8616f8287f5b89d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 09767280c6be3cc0d640642a9f57c02f
SHA1 dc745b23570a9712a60402d65ebda5a3abf78d5f
SHA256 48340432df3c3b62dbd1696fea8cf2eeae72e83db7a714442789533bd1860913
SHA512 31992846615c665a5a3d16d3b7a829cbb61fa60e8d5503d5617d65755c80e1e8ade32068d810636484d949bf2a51a7a0d78e0ce8daff8d11a290ba01e87dee5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 318c95f6a88af93627734cbe28d772d5
SHA1 63aa68272cfae46f13616790216b07449f8160d7
SHA256 b168020d44780d73b54b785b5f28dc3dd8d3740ae2c46b1ba0309be7888b5f11
SHA512 e0dba35c17e248d529c9f2c2fb9ac2744c9c3c041a429289d758c1cf88c8e418bb40deb02bc6ac36b5859d0f2c08072d468813ba757521367988a868f791cd95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 bdd5928e744c7bd1e6f98929a86cd69e
SHA1 b485556012614c5d7b831b744c79951eea11beba
SHA256 b6660e12963082d10275a75d1740f6d6502b811600385b06d502095b75ff34c3
SHA512 73c78e1d592c435a4c8e66631b25c52b7a7e45fdb55bfea406c04a9ee6b0d6481587a7d50f1e9e13c4fb7bb4577f3c2999eab779561fb4e7fa20a35bc7c816b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bed134320acfb82c4935786d5682cf64
SHA1 8c5d42c197326c8c2c3b6435d23b7415e3912c68
SHA256 f24d51fbdb696b529be09186ede0bd66a3656c332594e83c187e8af7066dd583
SHA512 b1cdd5029f98693787103d5292c0a4f042268f9a3df4cbbbeb540e08be304aecfff50a555db3dce046abb61efb5e84aa3b36bcf76fde7224e6c43931d1b77549

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 ca88210f142c0a0f6ffba766e7ef49d0
SHA1 a7c1d37ca54ed1910b1b5e8ba15326de25ddf4a4
SHA256 2bc9ec061b7883b69f164a16f0f9d19b25dabdd4d59360142a829b24f935b700
SHA512 1caca302e0fc016e19f9e47589745f8dc4347d0a9cb6bb4e98db360481861376af2b08e15ac1c12792445630edb6928c0b820be83eb22efe39b41d978718f28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 92a1fa032d4e41ee8c2693e10872f580
SHA1 673ae4ce53d6923d82ad135f2a86294898a5dae7
SHA256 252a26c6b36600861e848d1711f73683f4e86b2f82334cf39b89065e8ffec5c5
SHA512 cd5bd38cc6e376a3ab884173f379e424cbc4016a91c1b7178629ac799d0528156e227047e7425941658a25d19f935b3c585b2af15dd87a7a0cf438262d40470d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 5a5c67772d44eca9ecb08e0ead7570af
SHA1 93ffda7f3ac636f88f7a453ba8c536fafc2d858b
SHA256 eef62541016d82bd804928b0fe0123d9ddbc20c2f4c0198ce98ae3adbf9a9c7a
SHA512 14a649db943dc9a756e24a043c5a946ab0dda3cdecbffa090bb71996ca3a35ad674052895a496195799def768ea318ec4ce8b97e4f2350106c84a6c4f50affb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 a10ee24a1ae7802b3f2663f8832206e3
SHA1 33c313822b61aed7fdc216a61551f1a0511e5428
SHA256 2fd85b4910fefdfd20958ae40bb95b27e97c18d22baf6e1a9d5cf4eda6c2cd74
SHA512 0eeaa72caae875888ab71e30529091df4de86ccc1ce0ac3160e3a7624a5ab643b5cec27f1f120d1c7c9c4fff7b097eb93fc1807eaaa0a2159d74cb410d8e4f56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 c64702e0b5391f53fb0fdb1f4c269fff
SHA1 6ff6627c1e2377e7cb7f4920be5e7091e804b90e
SHA256 af6b3ea249e8de1e2e14663fb45cc7136631bad9e3439af855fade5d0fd20995
SHA512 11b38fe13a13fffe89b56c7ec2bdb2f1efedd86080d12981401eeb89b9fb8e93110d7f2eee09615371a797f6b2236eecfb7bcb69c1f57ae3a6d0a90135aad543

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 9dc4649fa16988ec78278b9c920f1755
SHA1 39deaa15c46963f39f7495fc3071b8fe73aeac0b
SHA256 7b8f0c37f1c3a657d5aef5d898406bdc1abb324e93dde0a60864f63f298df48d
SHA512 f387f1a16c1c3299c5e7d55897ffd561d55203477a72df2251cd8f7ddd7b5180337f6f34ff7d8d208e7cba0f22a414c72f5e3cf04ce1accd39cb80e2cb2854c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e68e08d226d84c0c2c2cd6c711505723
SHA1 12c370ba1501589c7a5d22a6e6dc0c8ae308dcba
SHA256 9ea86618fc1f50e72dc90a10fb09094ae185ef64ef0219bbd04fd3f42806dba9
SHA512 56f69d97a706d82a2abb15c21c7faacb962ea62cbdb2b121847e3008cd8179af1c9528a8b56e945b33c1c5ca27164bcac04067d20b7a8ba14e96cd2b3a86af90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75321c5dbb348fdaba244752ce4ffc72
SHA1 e1d13381d7d475633dddd4312485311efbc35b8a
SHA256 d41d0f8fdbbc33988982b1e21ba5ee142cabc7c7715de0bd860fe36fe39710c1
SHA512 b236c277bbdde626b1c17610fb9259ab76ac4c745d2219111b4eeeffc2a14f00db122d3bfce5c90eea44300c0cf1d4bab5f37a06f7c87d6e4ba3880369ce573c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4e44769779507c6cadffcde7852a48a2
SHA1 e4341b7ac2552874f280f03d2cc9d1604a34ea02
SHA256 b8131a30a5607abadb82ecffa2f56a5b2a8671bb84ae2ba039bcfa2d360ed60c
SHA512 33df49149f9d3e8a1d4eefbbc3d1bb692768a66f3ff597d66bbfc9b5f765132766fab428eac3b757f6acf68c9ed51ffca0eb4de98d23c843911dd99994ccecca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b063ce32220c9d7ce961c48b89aa910
SHA1 2b853b45af79e385b93ea08592a6169e8dfeff75
SHA256 26aabd0e2cf9d6147c5b71df558484b74799c47740368c63e8c5057e38a84545
SHA512 d6e199da678c50638bf749d4930656ee24348d98b381bd3eaf35237d176902b511818d6fe25898c46b4d478b498fe73040d3ad80b5f1b34e847230b0dad0d425

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 695fd5859cfab72f8e62a34c03a4dcc4
SHA1 b12b887b8051c8e6657357147fee721ae897cc08
SHA256 48eb1885d64abb6cbf4aa0edfb3a7fdcbd198fe036643322e3e3e98cf55d9265
SHA512 ebb314bb9ec3582dcad69a1aeafa925aac9c8ec5adde9e2bfe6e8994ab7d40858d7482d6cb1a2089affaa7c7c4e5558feca52e082fe8a0a7cabd95661f478d3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 511590b42b5b21b065b02d0d43950035
SHA1 39e92d15d95d483ac0aaf7bc72ef1000b25bb445
SHA256 28ae44f64831d20be9ad4fadca97a730ead0c7559a9c0252d9e3ea416d2c0a12
SHA512 63239a47112b4bc68dbc23002ea57b58b15fc18e67a9f2faf6bad08fb1699f4acb1d50c7b87fa0a08b4d20ec6701631efb58c8f8e287cdb331cf1a0e04b039f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 a311114e80c0f89fa7916648880031cf
SHA1 56482d6a20db4f3f671b6f0a6c2b618b3a378016
SHA256 46c900f550d6b90630a7df0ea2abcaea86b1c981859dcb79a6008c3cb2f55d34
SHA512 ee151537baa185df215853c37462db8c275afbf33e7055bb78fc20e6b81e6a0545cb163c79abce5fd52e75bf020e56e8d19ca2e41e1047516919ad507702ff7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 3a32fed2896c2eebb5352ec7eb8422fa
SHA1 909adf21ac97a8d71ff5f07b7605358c9e8aecee
SHA256 16f61e506d57ab8dbc2eccbebe52c0e610f7a1bb3a0308cf840383f98a1d5d66
SHA512 7e325b573b5f67c9ff01bcc519332c70c9c96d1ad5edeb2da7ca0e41bf0649a2ef144e085c85b92c6bb07ffcf308a7f6ac4f65d6cea1041ad5280366a281aeec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 9bbaaa119cf9e1203d8ebc607c782988
SHA1 f0ee251264c0793ca7843090df75069e9d1d94db
SHA256 aeb6686923bf38b0612594369df58a3317153ec5a435757c026103effda4e221
SHA512 284fc64ad805a6b1a9cbd33ed7087feef70c7420778397c9bd063f31649b1f210da16d8bcd99a20928e1bb5e489c2eb1b26805442f6f7a27451dd7e26d73d161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 93d5dcd3300c9854138b82ec86402e29
SHA1 9380f9a22819b7f451152cfd134e0c09148405a2
SHA256 e7e138f18f1db23e87a1ed49603170fae372caf4108ddc7f326feecdaa811e91
SHA512 f32cc64670829931958f957c25eb4d149217f66a031130cec66db05afac09b2fe746dc90bd7b1fc477f87229f85885cdc4e91bae2a10180bc8a9519cfbdf6d6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 ce61f1e3022b61eabe9dbc32b0cc2bab
SHA1 23c85cca25c497bf3718d3818027a98c299c8753
SHA256 a30fe6f32ab3a73244362c8b829870cfc67a363f72307124109174ad6bd1f009
SHA512 506037daa802ba5c2f9823514a00eb7cd7b083131322329b8012a4fc99634d05ad9b16962e3160374172242692823165f3b9f7b8d606bac5c38e2f9043124d47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 8878ebfc10ff105169c502145430a144
SHA1 c6566908d61243c47dc1003031f5f2dca1881591
SHA256 f721385ff47347c5292f5b0db774ffe645be3c5914e96accbadc233ee6718fa7
SHA512 8c957e0f8bd234a1ed526a32bde2da529eb11c28f2a891a09b3eb973ee346e9ccb6f1bb836d33f71489a4a3bf02dd8232f430619f783d9fff8cfdf5532a48d8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 5bafecdc639e88140de887e3d69f55ed
SHA1 f3e87c94b67ccb9045c5c1313b65209d3d20558e
SHA256 76f575bac384ed105794513eb47373f1f3fda00f6b9b913b7ccf450f0256a641
SHA512 4cf3d6afe71a0a2ed83ddbb2fa4310d7c2c8c8e070dd0d609e07fd19916ee1704a79072b89b74365d27eb057056dd3082810099abbae7fd58701c4e0638687ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 c71c9baa484f4620485bd12cffd8354e
SHA1 2116c2b1e5f52959a3f5971e98a31f84db9d547e
SHA256 4d1b903081b1f65bc45fa60f60c232905f5329ded10da89f37272767aceff900
SHA512 0239e203efc45d963a9db4f8d5b1cfa5a68077fc46cd78301fe3c1c255043cf2369e2739dc1ae808ad1fc1fde949d2fb87ffe6a00b2bfee099e4c8ae9fa6be69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 99d63546b435b8bd4fee11434985c4d8
SHA1 dbb7c98a944567d0e0beed69d849822df838dbe0
SHA256 05b0948ba7b856c1bf6a7b84d8968f71c737fe176ac7e3604b84c30bfb6d83e9
SHA512 9cead797a5f4334f9c3b98437d244a5982700f1d6c18a91498eca2d972a3a2cdc9c816e92d8ce1816addbfabe705c7a8693731562c77dfb075399c0effaca3f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 a261d489fd63782c64ebe51dc9d23c2d
SHA1 034bfee585fe3e166dd34f8a96676d6bd97ff078
SHA256 55ea77d14548d9749edf0730aa8f8bbd398d7182d40bcdcb4682003168a0a7eb
SHA512 65e79f559f4acd87da26d41df09023f5d1405440e70306e9a85af6a129787c3a31a7f69989f8558ac6afa6b8d0b108349b2bcceb58365aac2a96c2ec2bc95361

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 9b3f3e16824b6bf80d90a86b6cbc2b3b
SHA1 ca9b17b63ef7690e81b578357590570b8832bac9
SHA256 96c063cc17056817923c4360ef39c186640292c4fa6ed58794978e4829c6e880
SHA512 d1768a5b8c2419c8994fee2f3f5e69a26aeedf027d1407ffa7db9cefd411e000bfa76b6ef3ca8a3eef89d0ae5d4df5ddaea887e5bd926ff5a5e6ce0849cc681d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 7d2c33e1b95276c7cf1c4b76212a451e
SHA1 cbbb6cac9f91eab329ed15bddc669d3f18d5f69c
SHA256 36726d926ac501a7d0438c180ab3a053a9c2131565bfffb181bfb2e3a78b68ce
SHA512 ec2322ee6bac20bef9006413367645df6cd97f8288ce641e472d09a40442461e858425b15b6ddb82b5d2d67b31b5f0ed59b5b1274134ac21d348fdd8219ceb4a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 40389ea8c29e3d0c2b0ca32d3f51932a
SHA1 fbb7f6cb262f3777f59cb7af34125fb82cccc32d
SHA256 f8d0b2c3d84789304ba6e82ab04723408738f7e7b8c8634bde0c4391331973ae
SHA512 adcba98f2ef2d14439d7d76470e89f83e2da23530eca051e8edabdab2852495974c651984386d00d6151acd40734ffe1131ac20740e70372f01712f215fefc1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b60a0dc62878102686399d755660036e
SHA1 5ea4b1ddf7d8614321e5c02e77967485dc43b36f
SHA256 1c06c08b58700b713d8053dcd58a5f067a5d8cb20a799d911b8068b083c17959
SHA512 9b4fdf9ae4f560ffcdb157340ecae3e8d8dcdd6b5e6fe1d53fc1a559040abc1a0cf7eb9481658967c3a523a1d1db67bc0ef8707635bc8383df4838676c031178

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc30800b8e52a81bd2dea1e60a4698b3
SHA1 ee6f77b8b2a5fb7fa118d62743a99d8a2de424d8
SHA256 a6c0ee456bd8687672ab97e9fec51ca712023823b9a0c01e6bdcb207505f35c4
SHA512 50c9f57e19afc7f37095d266dbe96e7f835a0ac80a4027dc6a68774d03b16a2d626f2444b0bdf7f279f5fc46b2f773a24b79e6be64a7ea4b5288886e5add946b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 5d1e0af4af85b094886355f0da0ddd32
SHA1 e0312e577a91b6374a89d74fa7acdecde292e1ef
SHA256 e95ab5ddbb7df4b20baff8f917f04eeb4f06a5df4e5ec5319500ae34003ce1d3
SHA512 d53f4a93b8ffbd7e4f636b9e70cec8720e7d009858da03a56667ac470bc522d488946a78a7fa4925ade456bb8939406c6261187470bccce9062400f748c1933a

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 59b33d7e7d8543219d0c6d0cdc1ea482
SHA1 1741a6097674d66ced149ffd27f78872defa32b6
SHA256 8dcdb2d7ac9364452f28662fa2242b9f62825150503420949c036b32074cb2e7
SHA512 1847b23d6b9431475a3d5ae2b853e479abc9862a5235c18fa7bbe77c97152f133632d850569a450fcfae8db97b853a6b5b0cc9c19c5d91318f9dfc7b1edb90f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
