Malware Analysis Report

2024-11-16 15:50

Sample ID 240204-rv9z3sbhb8
Target f619f14d19db93c671eb6214a3881d50.exe
SHA256 6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023

Threat Level: Known bad

The file f619f14d19db93c671eb6214a3881d50.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 14:32

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 14:32

Reported

2024-02-04 14:34

Platform

win7-20231129-en

Max time kernel

41s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BD224B1-C36A-11EE-BD3E-4EA2EAC189B7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f120000000000200000000001066000000010000200000003d740fb0f4a59571030c4b4d9662a04107d3eb463140e73fa603465d4d586ec0000000000e80000000020000200000002c44150b7a2467c4b1f8994be4c830baaf5a43005404e0f1ff211effe3c33b56200000000a5cf0c585c094da62495e645d471cfcf1f9efdc38d4589b599ff0168c1fd86c400000008bb91719c60a6ba1c10422441e484742a8c8216f040afce776224ed5e0dbd5df84fc332041b64b10a398e68a49f9c1e7eb16d29b4c36adf0448ef2dfb1e88a72 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BD48611-C36A-11EE-BD3E-4EA2EAC189B7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 776 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 776 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 776 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2868 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2208 wrote to memory of 2464 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 776 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 776 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1152 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 776 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 564 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1856 wrote to memory of 772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 776 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1128 wrote to memory of 3020 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 776 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

Network

US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:50266 tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp

Files

memory/776-0-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2BD224B1-C36A-11EE-BD3E-4EA2EAC189B7}.dat

MD5 2f3c68f4b946283b25779d38ec08cbd5
SHA1 cb4392199bb4dcfa4d1e7768d36f718e14d78460
SHA256 be966cf4d5ade24941f8c0efaddf90d435b9038620272cb3865ce192c78f2597
SHA512 09d9a51bac4be01593aec7ea73cb7e191a4bf882310be73f0d21de3936001f948319f842bf795dfde977d404530979e8bbb31c8dbb0c5a1a25c791a83f36cbe2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2BCFC351-C36A-11EE-BD3E-4EA2EAC189B7}.dat

MD5 8641c95644c1035d5acd1bf2a777cad5
SHA1 d2e55fd86f54d58e3dd58c099d07ac81c579ab12
SHA256 141e8031ab9262cd6694cdd56ef6f92c0083ba7edcbb6a574f813d9699ef5102
SHA512 9f949ec0d1363f569b9f6b0d70bd5581e48114da5f71997ac5aeae9935ac5b3818f1bef20fb3f783b8ba4812a74ae899915a2d40d5e5a49ec8050780c383d2f8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2BD48611-C36A-11EE-BD3E-4EA2EAC189B7}.dat

MD5 ba87a5d9eef1e4ba237cf186d5f522a7
SHA1 0ece32bf3fb4dba9d392a1f8455c2cb6e5b79a0a
SHA256 c63b748d8061abe770de7c58753cf643815b93e748b17ee5e1cb20032a57b4c6
SHA512 c51ffdcebd3af4dd123530839f89cd31d317ae677f0466bd014b28715eb7766ea8259dea07ade06c62a918240a5b4e90cbafda569ff3a57f4597bb584ee2c15c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 56a0caeceeae073a6a455aa9947669a2
SHA1 63a5fa530831d3b90e9535f02da9e1bbd3b17354
SHA256 4d4887565f307f33c222a0df4a5f91af99aa1d2b0e5cf0a2b50b40371fe4f84f
SHA512 340ef9e6c379097748f52228161c7e6db5c2874c91aab9187298368b084f5dde50c78b98c9d63fb140addc1347d39dfc32636e6694566ffdb2657bc02c7290cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\Local\Temp\Cab1586.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar15C3.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9971cfcc179128c4cad4ff80b5f9a45f
SHA1 c0153ac6433ba3f397138e9569a79aecc8fcae4d
SHA256 2251353ceb2f154ce07552cf8d69d453535c38cb4b6390db3766f41f700fc5a8
SHA512 9633febe66be13029ca89bcd147127498247be9fd625241d4c5f78df7a2a5365b17ea8d05b655bb082fbccd9e0e4cef6a9ed39075b214514d025bc27b35a294c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dd3609385fa72fbc3ac01e7b556225b
SHA1 a47cfb31784c401b788f79b76fb66287805e5653
SHA256 e0494ae47c35b8e21a076557f52fb472e9501e36fc0436d671775b1c03d4ab7e
SHA512 44a2390bffd101c5e15a2e7da7b0bad82f1f6dc26bdcb1d4e947e008db20cfde2fcf7f2e5b78d013f306ce8b80ac40be019832687e01a75daad9bfb3a6045593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 067f0d9f0b56382fe7323f282bf46a20
SHA1 587200724003d2f88eb1a702d68e79b5a948b315
SHA256 55ed3ea6070c051212c766c56f2fc2bccf151e8b0ff2b13020b890359317f2d4
SHA512 2b2b5d081ed864f3376d0de08a879b969182b0359a32a6b0c94e89e3b0333280abb03842d57c33b1ee49149f001717bc111849cf6bd2888b487bbce7dd9d75dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7191d0f7965bc6f7f1942bac670db13a
SHA1 cb5adaf38dc503252f70cc519b49aeca45082683
SHA256 f863a4209426a9b783cc5fad308c266ee074de316793afbb95ab37bf7e597dc9
SHA512 4db1c98c656abee071a989bdc03db26033056f3072a6769b7980a902a9f2a1d8871e007b752972aad91785141a58eafbecbfc7256613cac13a22e7eb9dc730fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9647eca5474842d46ce3653abef654e
SHA1 86965c495b67a4dd0bd461716e3c76f463ac2fe6
SHA256 cbcfc09c9baffab348c002e472360d6636248e84777128bddf30b036939b02f6
SHA512 13efb75269176dd7568800375e688464c8eeed09d618f70871ecf03925357e443fdf1b265c0fd9e53fc107fc819eb3f8d81cc99e36d3f99fb5199203d841ec8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b68fe463c7ec10f2571f6b452b5195e1
SHA1 0a735214f8f38e3ff4de9fc072879cdd5b830836
SHA256 d416fa3f24102ef5802842473524183d7e4808ac0ef819703569fdeae2ec142f
SHA512 e4f4640d59050cab6e690b9c2d7973992be61a87a4110876700ea8cce644c1166301bea83a4a1b921325c34d39f0df9ed6c94981da9fa8eeb08a6cc62ba91001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0be66d95adc34643bff7774b4aa2dbee
SHA1 3b8a018b0084f1746f00b938b0b68626356d4772
SHA256 458e0ae9f50745e34320e7e028c846a69b27ec4cad429d96025979a58179a98b
SHA512 d439da486fb2a88e0e304326ec725ce5c5b563b9922295a8cf57d6cceb9f6b235e413ad0e4ed474995f23980509ec80ac28ae1105fccd15d9925fa5281e59509

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ebe1540449c0bba6f6f45af3d890c8b0
SHA1 8094aa919b8eaffb12ba4f251ab612ee4ee60ff1
SHA256 2bc8a2b8cf96c55ad05ba44a5d72e4df9240be59a573fa476c1b0d3b39b16264
SHA512 31b88ca0b2f7f6d470578c8db5689b757b56dcc2acd9097027b8befabc4cdaaac0fdcac66c1c3a877dc6b7252cada2cc02ec06e1d53a8f6e8387683e52b4f7db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b4db3ff311f79e6c4a289cbbd42a8099
SHA1 73769a40a6ff4edeaf16741e66937281794f4184
SHA256 1a3f045a48b85335c09621ee08ea0d73e1dada40656e71e396cd9363c114573b
SHA512 7924bff3f5233901c80adc6cb61440ab851179ca32cfc9f90eda79493cf2223d17dd0cbe3929c40bb6f0c87be132272ce4c2ed6727d7a51791034c4486bfa982

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2a28140ded5a138ce812ee980b213827
SHA1 4573d5fe8e8b4dd5e16b69e6d823663826e12847
SHA256 95ec97c1b4d32dd1e8cac0fe013efda71a842f83796ccff3e0e0328bd77d0ca2
SHA512 27e12cba71b7f69a1bf12ef38f27131bfba0ef890ff597c4d6860091e08a860eaa25d3015e6e285d53f388cd021b828c514eed1e62300a6aa52882292eff051b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21845e77a41c31dae8ffdee4bea6f8c7
SHA1 009bff020c41966c07f0c7ee03cd859de5c9a74e
SHA256 c6495e1ca2ebeb4a80bf5a2c98f8fa6837a1a0346f343702e0df46ae0761c4b7
SHA512 5b29ea6ffb012baff1631ff1ecc8054b00fbf5f27b26b3c963486329ca942858c666687e803ad4a04916103fc101eecd7aaa6c55f63ac46933e4e07964f9ce04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 376a62a594816c823259d83fe3c16b7d
SHA1 761bb3aa7b0d3bac019c2fbb38dce091f43668a1
SHA256 b69ce8f21ce4176ba8488c33ae7b202df3f85c59cb4649045e712ba931037780
SHA512 beecfd1a02ccc7cb99a208ffcbb5b4d058d166361a09d3ad70311736c5ad849c8820ff8c52c3a6911669e4aa34311ae50d3ff8e283074715c14f1ebec3210901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 1327b6137c01255ca0443688419a2486
SHA1 f24da250d685ae7685bc9dbfcf9970e9d46d8be9
SHA256 9ecb006fb2633ad2e362da1845b4d13541f1a5f403aba4cfa19e9c7c3aa4016f
SHA512 16ef5fee3c80f6ca06ec784861779ff302f876c6591d35e99cc34f5ae0930d87fbece6d58da8e473d1660ecc7fc7065c242498f6cba556f9c6594ea113ec3ce3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f2d0700bd7e9f92e1324ee651cb075b3
SHA1 6c44af9682dd9432fc80aa528997e529b73d2e4d
SHA256 7b79e17d313fce604f772855084ff5106fe267533984e8bd523fd5c5575353d3
SHA512 0584191262ada47d821ed6f0f70bad8b6f86f3ba85352d192bd7e4980c134c9d70cdb9fbbe54df324d48ad15dd95e969907d5c44f7adf9f33f5f9bf9c1844919

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 48fa5365e440bbb66855ae60760c79a9
SHA1 d85676bfe5ad004dfb2c0e0cadbda9414d5149d4
SHA256 05a256bb1e7db0c77c7e87460142e7eaaf2c32dede13b1736f0c65a0df81db43
SHA512 70ef35065bef0cba223f73fa55b1b4a5e38a242c68524aad09ec2f673192372eaf0ad1dddfbc2a2ff7ddd4859f30e1d1cce86a43abe21d9924cdb2a26c52aacd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 4e8b07f85a07adb975726fad4cad92ed
SHA1 d531c8ff35bbd71cda229a92da55b6b1637d8b0f
SHA256 d75b98794671983b24a5470a49e8a5dd9fc38d7bb0236cd24d9d7f1812d84311
SHA512 f48bf12464f1df928044264b636838c612dc5ad3e46fa6c6bebe8e8780ed039c47c4f4be5af033fdb0515a8650df047d147250518c6369926cfad2e49c0d9d87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 fc6ef469743270f18f394296ad2afb78
SHA1 8a9e43ac1ad1936628868128caf13c1cb2ce97d0
SHA256 36977edf5a738d6950729d72d664e0ae5e6a41d08cdf0c6cd378d6cb5ba07bc5
SHA512 d54ba7a2c32efbf33d2161ca9f56d42d4d4b9643cbd3efcc194c366799a413a72ae0ff726372e3a4030bc9d2e60223624693352db00435291750f59311d9b4f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 5a85d5d210d1d328f074fa566f75683a
SHA1 827caef1f7f8901dc12e14fb6368296e7708415f
SHA256 822838a7f88a26cc2b8486c4b04abeb51f826417659f1f90443b9bdb2516aa46
SHA512 3632e4e860ca4fd5b85314f5be6aaa45a7b58f7927bc930f96e066374a282181f41e280133913018a2708457cd1c804a97e7a525c8b22a2ce83c3d864fd0977d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIPH406H\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 01caedf0a3614966c767648f0322fd97
SHA1 60e03b62756640cae01a22dc1805c13c7470d0a8
SHA256 464606b04e0849595518dd80251c9e23c71ba23ac14c4986c5c0476bf1c0fc86
SHA512 5b7185e9ca0bd0157319ee14268aa5db72a05bd9fe4ea44515f1501cbcaa8095b94e84fb7e870f701e466f6820056860400fdb0ae9d9941d31158836812fb7fd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TXXNHOCU.txt

MD5 fa58eb8b92dbc34203c9166cdc7cba92
SHA1 9ab441acc06637ec8b9008890ade4e3cb3ac0473
SHA256 ffb505e7591a5dd176988c4ce90c475e414bdfaf20b6530007e269c0e5f821a8
SHA512 f63d3e72b3469fef53380d2c5b2d16d04e51f587cd1d8897d563135a13c7e0ca343d1fdade66f36d14248835c3c68d44e7511e297ce0f22065ac87b5cee5f2bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bf098c223b71ac93b114a14be1555032
SHA1 5c9f61ba32868295cff0f5383495bc4271a27b8f
SHA256 e1e82d0a02f9424a3abc7b5ee173429bcdf35202026556bddaffe9a6c2c3ed3b
SHA512 c399f92bcc415751c2ee507d53b0476937438630abb629e80e4a69873d586e93412fe1d009bb7cba8445ce5995520f95312b124f7bbf97e7de1c513e3cbf4c65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 c7ade1acba9557dfbfcf601c05936a0a
SHA1 abd46834c5c8dadb2ac2d1f4067e42a963f2f41e
SHA256 cce4048696c1e9a690a031acc258e027cd1418803302c04b7baf376b68b1eb80
SHA512 b348e55fec1fc802a8392f7c9922fddfd69b593a830808d66948b8fbf68acdc80382651086d657e2990cc14cc864f314672c787c8bad1751b7d42b861de8ac1e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 627ec67464a625b1f2ecd2599baf6f70
SHA1 85e1eac7346303d7d65c44a4b34f6de217834ebd
SHA256 2875cf647f68013ebec001f8ae81b48b40684c253e2fa5693d9afd82a940c361
SHA512 7d379e2ee4d4d36e73faaeeb81c8ef2210e36a46006431bdd306dc281891d1fcd316b4eb7ecb77b5c42acc52b87c3274bc3fd12efdd190b050aad7cadc72bf75

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIPH406H\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 00bf53a10522120960f9fcc39b32af65
SHA1 ba8d7570e3a5b407a60008afa997a53bbf0c0075
SHA256 5a6274508a357aeaee2b6f3df1c259011878ccc6e4bd4e8605fabccd2985b380
SHA512 1d56e42dd8443389e4a7ea5a12d9e47edb72e23542728799fe2b450060c5298cab9acb6e5ea6305ed2df341635f7c6e35e1f4bf1c9b468cbf503a810efebdc1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f071172e25a9e0faa96e3dcab513ca08
SHA1 168b83d52e741cfe918579d5d617650af63731b6
SHA256 655ed5bc599f3a2f7dd9a7b7103b6fbdea84fdc97c0a0ea090e9521b44a3220f
SHA512 57232b3874fdd2402281e07d01c16e2941ed7767cb0ca63ee2043498a606f6eb9e69762995e6283c9b73fe1ee73e68c61b6386a6f7a5b5bf9ffda21843db2e8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10dfe2ce290f660eab84344da1e3dbf8
SHA1 629ac79032f1dda6aa1669408b764dc939484cb4
SHA256 29d4e57147b5a3ebffe7d02953129b7809fed837fb6c245c03fffb0f9cdb63e3
SHA512 90221d3fa5ccfccf45c4bd3383d4b3442432038adaabf66fda6121c9152bc4f97c9a083a9417590c9441619e9ced07b85621fd61e87eae033c3e4f6c53e72462

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0c9984fb3ed601b10855bcc976d0aa8
SHA1 e2ec69cb3893a718bf109cf21b14546302ff9b1c
SHA256 75f90076f420b83ce1be0042929733a2381d441b89a4add2c02aabc7f90993d3
SHA512 bd9efb1289f8e0854faa8ad16e4fb7624befd1f98b9c14ea866aa0a3c941acf1d634a345d381997442e49ebfa63415ffadba1ae213d0f6c6924536cde661ad57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b505a5e632ec66da48faa1d24e01eaee
SHA1 ba50aa9d286cc948d978b66a05a8545ca263710d
SHA256 a67f9ee7a13ba80df091afcb2b63dda1c3e61fefd7b3a183fe368a83088939a7
SHA512 e0b2a00865ee7300d8267c28923e1fd6a801d445dc36b78b266f0fb70872769a99d38144a9d11e8fa44a15b28210f50d035838088c51d71d24df1698000759c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a71a1bbe926cdfc98ca2dcfb3f202750
SHA1 6be79fc8974521f64ec52ed6200ab3d9dfda22fe
SHA256 cc1f4a7ca3b0afebf00434a6384a4cf77398aaaeb0e2f96efa691d6f10920639
SHA512 9c4f05499a8a5713577b3ed5bd66b2509ff9b0529a1854b095d0472f59bb627da6d5a7ec617f8c677674e8a245e8e9f6e3e9f4bc46365a210eaa5a924492e34f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7edd7806a3d2d19f1a33d7a91d5859ae
SHA1 8561cc63dc64d737bba3a744af518111041828ab
SHA256 54c7b809effc41163a27fd8f7f015fb544b0023694c474243d6f4027736dc973
SHA512 68fe9f3e9cde6cb9b0350f8877a938774c476fae8f7cf03d8645ca28395f825baf21706483852cd4ba639dc340157759982da8c0ea33ca4907a3cbe9d7c8ee9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c80e16aaa267c466786cfbdfddd3d87
SHA1 d4cb3a36f04891f24ff2069d95ab2ed143f2ceb2
SHA256 2fa893ede6d027a1f3a3f46be223ed571461e9e5771990a2a5dc9b7041168031
SHA512 521ef513f28893ddea324313da7e14e63e169534d065e072cccfc9a0e45192295d7f537f551484e25ae2837aa78d24005be0559d8459c83514ef55309e60c9f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ccddaebcfe39f92173510339943b8bb3
SHA1 66b9f2f66d7bc7fe0a973502b76bf8974bbf7e63
SHA256 f8177167d56602ff685b9d7592f79461373cbfbd7a1417510516f8fb4ebaf9d3
SHA512 c350f1ce220a5b511f91a6dd534e8661234f18e114d81d32db8f608b1837bf03f93d72aa5d81a61724eab89dc9088b1c8872906c64eac29800261f418f7f9572

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 7125f45e2b64561340f80f2df51ebda9
SHA1 82f3193a53474a5d83b4ba627d61ec0197cfccfa
SHA256 31054f95f3353639a6564567278cb431718fbe3c9bbf1df6a015ce5b0626c31b
SHA512 becfa9c67a6b9dee5f30aaf8b4a8699b2ff4af652e86fa80e55136f7844863bcde12249f8531ac8aca085538d568ee96d15223c8d332ad2edd9dc8902c1a6a2f

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/776-902-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fd594fb3d522c7a9f8c0fb3a5681ce2d
SHA1 49754d03b252e227e501037d3aafc0833dc55b2c
SHA256 606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3
SHA512 8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 15fbd669e6b73813725b0fcc7998ed57
SHA1 dc2fea06783843ec90ae2a4eb5dcd421c41288b0
SHA256 69e00c4bbcbfe98eb66969749c9acba1869345c5344273a905f821a1385ae5d5
SHA512 db7b6e282949857354c829c49691112f36e57ec2209c78ad97343ef5999ea3e15cddc7cfe8e0180de78c9a7c3517354fa6b6c4768cf8da25139651b97356b9a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\96de99fc-31ce-47bd-8b1f-c9ba4d3078e8.tmp

MD5 2c05e40e16e48e51870306b9460b1adf
SHA1 292a10a9fa22911a90007c83b236f4302c2dd593
SHA256 6131ef28cb424a5db4c82581f68d40b90f7731d9c0ca5fea164d24e7d101920b
SHA512 fedc121a74e6e208cb6ae7b02c26d92883bae02addd7bd44d02fe8c6e6536aba49b60fbac193117f1935847686ea3d80b19e386fe53382fa1b4d4e13e29190cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

MD5 e17b1d0c2b47baf2404c483453962423
SHA1 eed0afc8ab8852d289d01322791ef629b54f9f9d
SHA256 c6549d73cac7561d5d91066cf1079aca3db1b1f76cebbd9ae5f96223a691fe9d
SHA512 d4953bf4a56d38bc64f3da882c2a2ba1fe0f1e0f0941e4dfd9398608215ff8ddf1fc8452bf9eb32fc1b828c08e3a1305ca8d2bc36a5f2b2c45767890972ab82f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\6b7496bd-2905-4e44-8a3c-3eecdd27750f

MD5 4c1bb0c718ff3d8c51d60271ca85a2e3
SHA1 1a89fc62619566b0c46769bed2ae492822e6575e
SHA256 456bd03ffd63125e5a9bdc4e40fa3454c0a341177a2579778086072e071c3dd6
SHA512 96a8a266f0f9dcfda41459144cb71cd9c990e3ea12b9798ae84426347bf4ecdec9aa8ff8266700c6eda2734a1e6b482a2cc693364189b1f8e6ce7a78c44f39df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\4ab73d43-2bff-4e9c-8c5a-5f970bc57bbc

MD5 aa66c525276a8b3fd7c64ffb128a5dc5
SHA1 1ab2eec85ed4464aa512ba95e67dc8f3888abdfa
SHA256 3964b1bcc84ef4792d40eb8aa50c651d8b7306be8de0a08ce68a81b6d188aee4
SHA512 b3098c68d1be47a95fe684824dcdb4360ab089a0104d2425a56afbb361218c4b7fd5ccf98bef017e61c843d5c8efa197f8c0e8a54e77fb364798dd52059ce1ea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 9f798bc1a60de4adc02e77f1795d2eb1
SHA1 0686ec0c6ce228f7ef89d1bc83476069fcdca86f
SHA256 4524a833d116c4c52aaff981df12939df1dd5f97a0b541cc0b27b6c6ff73d115
SHA512 ef3ea5debafc7bb077e65da444c3e4b85b90fee8e8bf018a062dd4feb6833ee771866f8523651631d913debc502ea5df4e3c67246be7157b7c9be3cc1a080471

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 e6494402bb5dbb0b8e2dd928d6d034ac
SHA1 eaf6f3b5f6ada954930cf126b14105c20d7313f1
SHA256 283cd24af425880f8dffa42fde32b4ced57d8099b676f8d593bbb9d661eb4069
SHA512 86dba60d92a24c1adddfd73d42f61a79c5203f46c1cadac7531c16c1c1e354515a4e863908ba1a2ae9662a72b7999c05d02e618bba8808e898ff27e224ea9ed5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 854ccb54a9b4240994fe57625f932e91
SHA1 01fd60a26baa573d35a560fbb0d4dbb9a4a95e95
SHA256 bc74cc13a37801f5f30fae5c0b7e03b301de28703ca691534497adb5fc0e52dd
SHA512 0099ee2032251f4bd3ef8bd209ed9f30e70eef386bfebdab08fa06bd0de5add8a0954959dc0f2cfeaa6da5ae475564200ac97cbd3c18ef6c19afae657d65fc9d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 7bf78a86385357bd30c1d637bc144a88
SHA1 005449ee14de0110c8aeaf477c2f8f9a60f01780
SHA256 8d13cdddec469f26fc718c67c970a0c1920479fed7521c600bef7563f59c87a5
SHA512 cf2c110328f61ef10032d1179ed72d364b2af3d0545bfebf85b3add1be0e394adae580286055d4819ee4f59e7993888d6344b855c146640b22b0cf2758e365e0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 3d1e7f2ce121fa7d1046e290e8d39579
SHA1 7d37baf32681325b5d71f0e558f5d155aad3e615
SHA256 10304c99185ee678bbff22037305a31b42542510bf2bebda77481d85bbecbf27
SHA512 d9f844f6e1e1a4daad74035fc6bec45e74439eca45cc119f506f943b100182c95d6e3a335204e330273256b3376e407bc2b50a3c1ded6fbf5d64fcdb84baf77b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 8b40300b47617ca896fbe30bfaf8194d
SHA1 e31a18bd1322dcba859fda69c0a2e5ade2bcde9e
SHA256 48c8c218209c792d38839812848f3491df030533cdf49c1ab96e72ea45d1e683
SHA512 32a11ff0e2840ea649f4a5afc9f662d991c4413854b354b5a104159816dcb6e43f58b3ffac6c10190fb4c8be1558916c1f2b96956ab6ee70c7f96b238c68183b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\olrckem2.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 f8e363788cf79788b52fc06aef4a24b2
SHA1 cc02043a4ada8fad786bb188f57a9efa67553e2b
SHA256 e6cb9cc10d2df2ec2d70b2fccfb8de269daf3269197037702c23c3b3f3cf68fa
SHA512 60710c02c2ea8734e07785ed1235fc6f3e095ec3204e8f0c51889b5e421fb6f5267fd75582319e2b6a2bed5037bdc65f9787262eec528aebf0f05b47e85731e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a43ecb863883833984bc473b27f0fb40
SHA1 fcf1577370f86fea4bf2dca10ad4beb034197bbf
SHA256 bc940c8d9f708f090d885aaccc0dbab4ce0aaf900c2f7658b2f5b9f30c4ab81c
SHA512 4bbdb3456d3d6c733977ca6c6264bdb13ea03ed5bd2e9740d20e17cb4b47eed7c664ebe24147964c44a3f88d2fa8cf18e63908e2a3dd3e84ed4c629b07055732

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\77756732-8b09-4e38-9eab-07410cbb5282.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-04 14:32

Reported

2024-02-04 14:34

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{560475CC-FF7C-48A3-BD73-F5CA29E1661D} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1204 wrote to memory of 2176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3176 wrote to memory of 3440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 2584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4732 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3152 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2652 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3940 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 4276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3940 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1708 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3940 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2972 wrote to memory of 980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3940 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4348 wrote to memory of 1896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3940 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff61fa46f8,0x7fff61fa4708,0x7fff61fa4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff61e49758,0x7fff61e49768,0x7fff61e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff61e49758,0x7fff61e49768,0x7fff61e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61e49758,0x7fff61e49768,0x7fff61e49778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2323813944314247441,9965516977217904292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2323813944314247441,9965516977217904292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5305962224852787464,16319281766050699003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.0.1445201112\781274000" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {937ee3f4-6dea-4f82-bb91-f8b185eac50a} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 1948 1f3c58d8b58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1221916805858985102,3022208890268944176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,14258911169079989238,16944026197702680077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.1.2131124218\1931227306" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dbf32e4-3915-4826-a36a-44cc5c2bce63} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 2412 1f3b8fe5a58 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,5279929129982412219,665125140423999272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.2.156485991\2142435918" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c16751e-39c1-460e-ac7e-c21051aecf90} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 3332 1f3c92e1958 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1916,i,12705229297600737421,3307543619751298985,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3864 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.4.960250588\814876181" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3780 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e40e0dd5-c34e-4a1d-aafa-8693849e476c} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 3824 1f3c9e34458 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.5.1453810055\1020703895" -childID 4 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c56fde2-5bfc-448b-8621-6fbbeb2676fd} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 3084 1f3c9e35358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.3.1155150498\735209577" -childID 2 -isForBrowser -prefsHandle 3776 -prefMapHandle 3792 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e445faeb-a94d-4fec-81a7-12c24783743c} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 3584 1f3c924a858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3740 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1976,i,10977676176152842820,674489853881026144,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1976,i,10977676176152842820,674489853881026144,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1916,i,12705229297600737421,3307543619751298985,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4784 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4804 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3680 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.6.1010850940\479897537" -childID 5 -isForBrowser -prefsHandle 4796 -prefMapHandle 4792 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2678b47b-7014-4402-9d39-8cb1b7a2484b} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 4808 1f3cb076458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.9.1586250974\598925334" -childID 8 -isForBrowser -prefsHandle 5848 -prefMapHandle 5852 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fa89be0-57fc-4263-88fe-1646dde3ff5f} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 5836 1f3cc4e3a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.8.1985745964\368237813" -childID 7 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d82f97-d51e-4954-9595-b1015e9b2db2} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 5656 1f3cc4e3458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1896.7.1739489288\329091818" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5396 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc7dca35-5b99-4643-bff1-9773f8fba06e} 1896 "\\.\pipe\gecko-crash-server-pipe.1896" 5516 1f3cc4e2258 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13573103511414806737,9087350623257738369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 --field-trial-handle=1796,i,11399239886887871206,30852893947862842,131072 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0bd5c93de6441cd85df33f5858ead08c
SHA1 c9e9a6c225ae958d5725537fac596b4d89ccb621
SHA256 6e881c02306f0b1f4d926f77b32c57d4ba98db35a573562a017ae9e357fcb2d2
SHA512 19073981f96ba488d87665cfa7ffc126b1b577865f36a53233f15d2773eabe5200a2a64874a3b180913ef95efdece3954169bdcb4232ee793670b100109f6ae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4d6e17218d9a99976d1a14c6f6944c96
SHA1 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f
SHA256 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93
SHA512 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bc16ebe41a9fc2938c4060992a92b0af
SHA1 1719af3e339b187d984a76437eb80cae5dc50e6f
SHA256 5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae
SHA512 c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\LOCAL\crashpad_3176_AWBMKZOGFWEESUQI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dee44369558d2bd656c6f37383ae2916
SHA1 075c142e939b241399bd8a156a7719b55acd2c27
SHA256 19a48d719eeeb064068883cf3df6e4491c116d6e99ed305d6be7933f73b51d66
SHA512 122a5b3885aed2e8652fac8a576efc8618b1ac2f1f2aede6a81a015d79108e4b04355f95562a58f0b3fd980d2fdfff184dabfad5c98ca90c40d311743a180ae1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2982a0e8f32306c5039605b63e2f3297
SHA1 d2226acd53668c8491d435b02e39ea4d3d5b7999
SHA256 bdb0f1a82439c35d89719f185719eb78416bae3e5a94282347f2768aa5d866cf
SHA512 3e9ff85d067717293823877a97dfeabe7deaf66d10c51d1ed035c981d9e74c268111271d1f29eb400f01bae252745b11edd2cd4492069dfdcd334e02d394319d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b0a2eb122ca84b585140b25da0e2fc1
SHA1 520342e909f91548a7e77563f9c9ef94da995537
SHA256 083b6d2e4c7cee9060d25775e6a83cf69f8e1ecccb4721badb49e121a3f7f6c9
SHA512 53ae288b936dd88014d75039986c005d8027aa6a41880a259938be81fc51064b9f3a2d96ce90518b962dd6b2d10e261298a37ecb4ab802fbc7010b8711706927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0210e30f1275c4f976d92c831fe1d2a
SHA1 85a4617a903e8cebecbe5d31adca7532e871288d
SHA256 f52ba74994a0527a41c2798a8e6a81c6de2c0fa4e5a644ca58fa7f94e9f8988c
SHA512 19ea085fa35c5a3873b31fd24d73af1bb8adbc54f9d8af7556794ef47a63e10aa29be074e13d94bdf66bb5e5cf089573f45db842f44c58c43f9a134e626e502d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b15b202d0f3529e7613fced9a031e31
SHA1 ae994fb837cd1dae6224290cc7d3750bfb49d3c1
SHA256 b0c301a9896ea5684b752bebac966759e5af5b81553f02d5e6dc08648e6d20d3
SHA512 ee416182d4f22d9be8870b7b634998680553b027095389279d17c7e2ee0541fb6471fd77a2edb6f02cb7bc08889d0d86209b0cd118fa5aa61fa5a0cb22542227

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a71edbf76bc24e5e36d5fcc5a0df67b3
SHA1 2053373785b3eaea72fa98f1a7c602d5fc16ce93
SHA256 22bfabfa0a58a1a88371c334c05ee23e1455c91697f5a1ca5ab3d16be39207ad
SHA512 819c17578f0fcc5e7fbfa581b9f794208bc9487b6ef95f725b3bfcc75b90513da55ebecbb6caeb8dfc91dab8b563e315abb852d409adc5578517eeb1efe9704e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 495d42f244c12a5b2f9f4e67bf99b529
SHA1 b01c2606679606c328e59866fdecc4c746104e13
SHA256 6fc70b24974f5d6a357f6d43b6dfb9515ff45379760b14c0056693ad84dce094
SHA512 14d20c40e569b5914c11c43156028ea5b75443197e3b4ed2d6719a7ab6052a7e9b3c2265f68f0b44eb01d21601bb783c53337897615fcc8962ae2c750fea260c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 07d6f927123dcd21e8cf601a557be877
SHA1 50ea4609075053d113e075cc1d486233cdc094f9
SHA256 e023d26d4df82e532e3e3a3b8e70f9c976b751cf6d53edd854c087d8599e21ce
SHA512 9aa856524fd7ac9bef4258ca5314751dde9969d9c2cfab91e25a2ead511b6e17bc6b85dc26401db3fa5ec3f6e17e00df56be394c78e22418c75c841310cb7321

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 41ba8d7686d699d44476c7a85010899e
SHA1 76a6a2be5d33fbce1417df9fac3729e2ea777d95
SHA256 a1d8ca0307a05fc38c00d84b77284a0b07020b8242ef03c2d77f96494cb647e5
SHA512 eb7607671ab903b32725b36d81d951f586789d8bce0f544ac7abbcec5a6a8bd18e1aa1c4ef0c1fa5621a811ab219eae53c41b0bd1d7cb1ab2f140b880c3f3801

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 0f25e9ae7693dcac68f70df214f0b832
SHA1 9948336ae2575e5017a88dd366b124338bfa38dc
SHA256 a3e80d6724cad3988c3a7af5a2dbf6a2987aa2ff12acd23502e22d0b537fb448
SHA512 099f2f3d1f77654a1943d6b4b5eb2178f7db9eec968806789aecebf889b608feb20d1cd27dc9743bb9daabf8433c89bb7a1d0d1e43d286b46e381a05958ef3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 659c69d3b4495531097400a41bd72803
SHA1 4a250e429d700a321c2e92ae1339e3e57aef2e01
SHA256 737e4fae5494d85eef37ea3430bb7200ffe493508423662fcc18060daa0ae06a
SHA512 b13e1338a66f0c75975591bc85dfe8266549b60206e0879043f49fa94908c5d6c87095a9bd6b2c29a9bb64103d8f44733022f031d4a2292d6695fa58106660ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 6fbacab6ab658d4bd4b7cf05246ee4ac
SHA1 3f18690a9c4d204180c2eb898b8ed17feabefb52
SHA256 4330e722b8bf45f9248622ca985f59547809bf5f44a787c6817c4107878c6046
SHA512 e8fbcd898270d03d29cb00951830f9242ec48dafb0f99097a87c02a8597886647ae80fccaf3c784f520c0a6683e04dc159eafdf8d2025fa0a8616f8287f5b89d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\9a8a02ef-9960-4e5e-aa27-8a37eb05a3c0

MD5 5201ca00f8c00ff3d0204c39312077e3
SHA1 fd2942a545308822158ae494fe56af65272a78ae
SHA256 d2df1228cfae40125ffcd6b5c346c06285b955b0d09b457ff2ee2eaaa5638389
SHA512 844721e189109608d1dc9184214af90e28bfce11fec5d1e9d661d9b072db9478aac0d7edc0aaca2e8cf85b5fbb67870902e02f26971cfa3522c0cf2c624d0df6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\51ec75b3-a2fd-4221-8ad6-bf442b7db9d1

MD5 1d529bf3db4f3b9ec6a8a31dca9719fa
SHA1 ac29a4e762549fac6cb8e10a76ca40b3d84ed503
SHA256 3c450ab64c0c494875697e16af95b1d9c53782eb375a54e24715a25ea4ded674
SHA512 c347bed9a3a6ba9b9e3bc0b593ea1444f6928c465e6bc15640d0d31240a0160f417697150cd1aecb739442c6d31a2c75d16d40722bfada35879d5562b8964311

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

MD5 fbbc5e15afb0d5bc3467c0d99a4b76f1
SHA1 0b08c8da5b6c5705709d18dbc340447d6ccc8607
SHA256 2e1c309f78d1769abce87172ef73f3b5630130a3bb9be4c9063fd3f3ac62ddfc
SHA512 5a5e89434aca83fd4e39a193a3dbd6942f943b6c4edf14d02910b89388d320ae117655730beaa373e903bb19856effebb73e88d9e5902f980c3179b28423c10a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 8eff070195653e2a131a916680cd18c2
SHA1 7f5dc88fc5d5969b25d5e75cccabd37362b31a94
SHA256 61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3
SHA512 18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

MD5 0cfc56f3a33a5dd015a11f6755c4ea43
SHA1 8913d9d273de2d5dfa2e480618a0e77cdcba0435
SHA256 8af099694f2c147c548474730a53f5462ca3cecff6c3d806099fe279ef410c2a
SHA512 50af3f3d841ac1d4ddcba5b48c17c58d4bc5496f1fd7b13aa7dc83bd3c7d05282a565aa8e295193a23e613d4ba1195b9cb61dbd84ade843594c9ede6bc9c353d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\4EBEC4254A077E0DC44999B27634860DDEDD06A7

MD5 90234ba38a49dbe178adb157c0705c8d
SHA1 fed78b24197915508e27bcafc526f281b0a286db
SHA256 c2c82e9b9a1eaaa5bdfaf6dd3c4702601d22b31b92aedaecee1f933d19b5af31
SHA512 e2626c958eea33562eaf37e89e3e2052bea5b375089ee89e536c9929525c16dd22e44215ff2d6e4a96bc7c6a14e95f1abdd3dd3fb19b981766f1c7d949b97f5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e3671227f5b0240e6624ada92b9cbd0a
SHA1 ed89ca6c6128be183b3757394ae0cf2d2a0dc71a
SHA256 dd044ea24054da03cf2f021ec7943d4a0c7cfb8293cf954594fc47c804454f96
SHA512 5f5da27f96bfd628116e77ce30d3be7100577dd76b16c558cbd41f11bb80e3ef9127e6d1bb2cab046110bae16b89fca7ae831d68c1a9f7e87cd1f3ab90f7eaa9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

MD5 5722fe6edf203ac1d6aa61155dfbae0b
SHA1 d346d04e069b71acc41222da6121d2d135e2ed3c
SHA256 0c4941d18a65536c4fdba15bb4c6d3927890437c0baf210d65b65919f6c911c4
SHA512 6fa4ec13fbb656267767612f7179608a12ad5a908f609c97faa8c542989a7131958695ceff1eb64108941f7bd43cae6db58bb843fc7345b22bbfa69e2d17c6fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 bdd5928e744c7bd1e6f98929a86cd69e
SHA1 b485556012614c5d7b831b744c79951eea11beba
SHA256 b6660e12963082d10275a75d1740f6d6502b811600385b06d502095b75ff34c3
SHA512 73c78e1d592c435a4c8e66631b25c52b7a7e45fdb55bfea406c04a9ee6b0d6481587a7d50f1e9e13c4fb7bb4577f3c2999eab779561fb4e7fa20a35bc7c816b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 09767280c6be3cc0d640642a9f57c02f
SHA1 dc745b23570a9712a60402d65ebda5a3abf78d5f
SHA256 48340432df3c3b62dbd1696fea8cf2eeae72e83db7a714442789533bd1860913
SHA512 31992846615c665a5a3d16d3b7a829cbb61fa60e8d5503d5617d65755c80e1e8ade32068d810636484d949bf2a51a7a0d78e0ce8daff8d11a290ba01e87dee5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b0c751869aad3666c5eb7600743d3f1
SHA1 bbe1cbb2445b470f41be8afbbf85655a99af759b
SHA256 29ea30e1f75fca17a40edb7ad8ed94f5127756b9346bce0f05f96d9a9dde42ff
SHA512 3baa39f55d6550e6b4d8ba2fe7cca4facf6b2ff815f2e8cc8de646288da9c7cd025b8c3bc039d3be85f1ab66fc6185b137f0dcf04d0c2983e9344701aed0a83d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 ca88210f142c0a0f6ffba766e7ef49d0
SHA1 a7c1d37ca54ed1910b1b5e8ba15326de25ddf4a4
SHA256 2bc9ec061b7883b69f164a16f0f9d19b25dabdd4d59360142a829b24f935b700
SHA512 1caca302e0fc016e19f9e47589745f8dc4347d0a9cb6bb4e98db360481861376af2b08e15ac1c12792445630edb6928c0b820be83eb22efe39b41d978718f28d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b8f42581c50b7ef24a8671d712cfdea3
SHA1 9890abb4adbfabe48a90bcac987721b230ff62a2
SHA256 88774afd9a3bd12c53dbe1135c959030ec511989ade304ad9f97172c8018de8b
SHA512 50b03fd7c5e6cd572231845a4c093d331879295c5948f90032be7c7fdad0c2ff581da0c3a41c31b09c2a8fc61a8d504533cab1bfcc762ec2bf0deceb2859c069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 5a5c67772d44eca9ecb08e0ead7570af
SHA1 93ffda7f3ac636f88f7a453ba8c536fafc2d858b
SHA256 eef62541016d82bd804928b0fe0123d9ddbc20c2f4c0198ce98ae3adbf9a9c7a
SHA512 14a649db943dc9a756e24a043c5a946ab0dda3cdecbffa090bb71996ca3a35ad674052895a496195799def768ea318ec4ce8b97e4f2350106c84a6c4f50affb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 9dc4649fa16988ec78278b9c920f1755
SHA1 39deaa15c46963f39f7495fc3071b8fe73aeac0b
SHA256 7b8f0c37f1c3a657d5aef5d898406bdc1abb324e93dde0a60864f63f298df48d
SHA512 f387f1a16c1c3299c5e7d55897ffd561d55203477a72df2251cd8f7ddd7b5180337f6f34ff7d8d208e7cba0f22a414c72f5e3cf04ce1accd39cb80e2cb2854c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 92a1fa032d4e41ee8c2693e10872f580
SHA1 673ae4ce53d6923d82ad135f2a86294898a5dae7
SHA256 252a26c6b36600861e848d1711f73683f4e86b2f82334cf39b89065e8ffec5c5
SHA512 cd5bd38cc6e376a3ab884173f379e424cbc4016a91c1b7178629ac799d0528156e227047e7425941658a25d19f935b3c585b2af15dd87a7a0cf438262d40470d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70fdd453bb3ba2148d0b700b146469d5
SHA1 c1d598b4f940e38a445155b964e260420f449133
SHA256 336a1ce490e92856633744b7c4b36bc2f86b3125f5bc073430051fbb56a8c4ff
SHA512 812d4e1ba0d4335acf137a96a4a1719731e80ba3b6ac7ebde68e6701e7d593fe39edd3d01f55914df172385dbb1a5b6e512e3c3ea18aa582598154f652a20002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\325E3ACD0A312B8D293D90A7D9C7FEA95398ED9E

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a4bc.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
