Malware Analysis Report

2024-11-16 15:52

Sample ID 240204-rw38xseahl
Target f619f14d19db93c671eb6214a3881d50
SHA256 6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

6679f84b342073e78829cfbd45dd44ad2e63dc78c0723e8ea2334a1105265023

Threat Level: Known bad

The file f619f14d19db93c671eb6214a3881d50 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 14:33

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 14:33

Reported

2024-02-04 14:36

Platform

win7-20231215-en

Max time kernel

38s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6036E4C1-C36A-11EE-92F6-EEC5CD00071E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60394621-C36A-11EE-92F6-EEC5CD00071E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000048e938bd8ab84139a160293aab299a03002da7868c7e69021b6a61382f3042d3000000000e80000000020000200000000190a7c48f4f02380e91aed7bdfeb5ab9e7a864416b6d3cd4186ed9a234152b720000000a8bfcf83f79fe2b81d658d70f85689f125e25b88b8dc3ecf0af60b8fcf48ceaa400000005a89b199a55019d32deaf7f4202778450ce2ad7808c1c286d5e104254333e0cc07a663efce45218bf22b4956153cad1c2c3eb38834aee2604a06215115b0bb1d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{603BA781-C36A-11EE-92F6-EEC5CD00071E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08037377757da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2536 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2536 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2880 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 2880 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 2880 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 2880 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2320 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2320 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2320 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2320 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2336 wrote to memory of 2704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2536 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1468 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1468 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1468 wrote to memory of 3048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 2868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 2868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1400 wrote to memory of 2868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2536 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1292 wrote to memory of 868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1696 wrote to memory of 1604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1696 wrote to memory of 1604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6ed9758,0x7fef6ed9768,0x7fef6ed9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ed9758,0x7fef6ed9768,0x7fef6ed9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6ed9758,0x7fef6ed9768,0x7fef6ed9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.0.767574619\459848970" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29f2e3a1-bd3f-403c-ad99-fccc6bba69a3} 868 "\\.\pipe\gecko-crash-server-pipe.868" 1288 119d3458 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1336,i,6085041436597712439,13154766317836774284,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1336,i,6085041436597712439,13154766317836774284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.1.450642881\719415819" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2553c3a-1fad-45ca-9a21-9f358b14231e} 868 "\\.\pipe\gecko-crash-server-pipe.868" 1504 11905958 socket

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1312,i,12667561196424263661,15678188707375358116,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1312,i,12667561196424263661,15678188707375358116,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.2.1298980641\1990046539" -childID 1 -isForBrowser -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {786d8816-6861-4b58-b560-0ed5facf1dcd} 868 "\\.\pipe\gecko-crash-server-pipe.868" 2132 19f18858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2660 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1568 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.3.1615904672\901633884" -childID 2 -isForBrowser -prefsHandle 2640 -prefMapHandle 2636 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {089feb1b-3c2a-4b2b-a883-3d522bc176aa} 868 "\\.\pipe\gecko-crash-server-pipe.868" 2652 d61b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1852 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1312 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.4.477194996\667329358" -childID 3 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d74abfdb-0b95-48fe-95e3-6ddff3dc5978} 868 "\\.\pipe\gecko-crash-server-pipe.868" 3816 1f4c0258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.5.97247326\570307815" -childID 4 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa6ef67-dca7-4d5b-bea3-9cb1f4507490} 868 "\\.\pipe\gecko-crash-server-pipe.868" 3912 1f4c2658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.6.728454465\1248933261" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7376044-8a65-4e3d-878c-d639ba71a35b} 868 "\\.\pipe\gecko-crash-server-pipe.868" 3816 1f4c2358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1152 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.7.1263587591\317090980" -childID 6 -isForBrowser -prefsHandle 4336 -prefMapHandle 4340 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a4dd961-65c7-4907-a54c-aba6d43f8fa1} 868 "\\.\pipe\gecko-crash-server-pipe.868" 3632 20ddd358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="868.8.1535542038\888831323" -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4344 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7db888-35a2-47e0-bbd5-d273a2799a68} 868 "\\.\pipe\gecko-crash-server-pipe.868" 3836 210c7858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2332 --field-trial-handle=1468,i,6986984683814022070,16337675934558227224,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

SHA256 caffc18ca2d3c35ffa3290e5a6094d7586b5f71c6c158c5795f37186501cdd62
SHA512 981a7608db8183801bdfc7277289b4fb5954e4e535a634c26dec3527a994fdd64d7367641a295bc0177bac8e9e52f397331ce4f2c89477f4a2c0a59832175e6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 17edffce74a88aba4f7104c0f0a32daa
SHA1 dcbd1f6584aa028b7139589cc433ab92ff9d0a10
SHA256 6754629c29e3b96ccc36b2bd3920c301c144392c5b65fa8891a59e1867c9c9c9
SHA512 01e2953587af329c1d3eb98ae919bbd6b10581bc25ebb23111af47717944089f373bc93b437a78f6a57d3f212ec1fc5aec85bb5cc23a4702584464775daad81c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c42fead00c473e9e8ac804d5bcb8f101
SHA1 f04e08d1e067b14f6e9d0c1987a07e22546eff56
SHA256 0f1d51f01dcb8853464e01531dd9b50f71c2da0cc0ea8dd1392e5de7a7e8da2f
SHA512 1fe51dd23725765954d0bb9ac1ae8adc8d092d5f5c7f70c267eb6ebf47b97b2226f3ea0728487d87ba6af582061b00f4b4f461835300e11d3a9963ae8ee15a42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 336a92dd75880252f7033458e9653589
SHA1 9d232c71745a0f13275a9691ca32c738d53a6169
SHA256 a2322a41ec490cc0ea57574d571d664fc586d42a92d735a150f7e5387440e559
SHA512 d7f5ffc79fcb06dc348d1cf0a877ce77d25030431e6ec7d4031a32068dbd95e6a34bbe3927cb50d5209daa0cd1912c0c6f6fe2c203b8c06000ebe5cbabeb9592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 110b03cb9ff081db050aae4e65bdec9c
SHA1 9e35fd5f8525a1955c6c020e2de12d5d8f4b6818
SHA256 decf7aaebc72b2d4d14e87caa60fad0d67c0b7bcdbc54e73b1cf88456974ec52
SHA512 e0f08542e3b39daf112cd31a75680dcc328e49eb9d86a7d8f2d5152bd0364a0b8e283266e70a10f321261411832ad02721ce89780070890a85efbd9ced334e30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b34538417437ed8d434cca59ebeac1dd
SHA1 5097e956d141c77ddd3bcbe375474220af4f48e6
SHA256 f465e2dbf669b0f4c1e6ac335f16cf43355d2aa41233d2701f2e85cace229b4e
SHA512 9e7192df8288718da90723ce144a19751fe78041f21daaba82294d8f036499ca59b5f5cc32c22da2c246ba7bb8351ddfec8af9776d77e9b977776dadf97ecfc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c42b0fb41bd4cccd5f07a0b722fb535
SHA1 e8dcd57f496646f8a829ee46ae90bb5732b694d9
SHA256 2a697f6f424013b03840bc8736e10b93c3f2897b2dfaf33dc98b7ec4f2b8eb83
SHA512 ff284690d08c88a588a1e8806ef406686427d0be64468b9619b50015bcb8023171a755fc0c64955cb5e366c50d3f7b687c7562045225cad99fa6976b9717562b

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-04 14:33

Reported

2024-02-04 14:36

Platform

win10v2004-20231222-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{011EE4AF-D244-4757-9506-FB329C7ADCB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3020 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1640 wrote to memory of 3760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1640 wrote to memory of 3760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4512 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 436 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 436 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1812 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1812 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3020 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4556 wrote to memory of 4908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4556 wrote to memory of 4908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 4576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 4576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2188 wrote to memory of 4828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2188 wrote to memory of 4828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3020 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5064 wrote to memory of 628 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3020 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5072 wrote to memory of 1932 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3020 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe

"C:\Users\Admin\AppData\Local\Temp\f619f14d19db93c671eb6214a3881d50.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5d39758,0x7ffae5d39768,0x7ffae5d39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae5d39758,0x7ffae5d39768,0x7ffae5d39778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11000399038998797139,3715606741781978379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.0.1158616637\845629859" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dbdf707-40d2-4e61-8c9d-cc66c06ec3b1} 628 "\\.\pipe\gecko-crash-server-pipe.628" 1980 207527d6b58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11000399038998797139,3715606741781978379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14658818690098453942,1752289965258033547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14658818690098453942,1752289965258033547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5d39758,0x7ffae5d39768,0x7ffae5d39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5e946f8,0x7ffae5e94708,0x7ffae5e94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3311611083344918126,2508560542241507135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.1.1433885059\1184708689" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1912f8dd-9bfa-4f09-affc-e1cca3efd472} 628 "\\.\pipe\gecko-crash-server-pipe.628" 2432 20752330158 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17896501844558877105,9538907151080843747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7249729247819356004,17356049183536486532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.2.1578721910\213650708" -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7905a855-80ac-4be3-8d50-4d5313b39fcf} 628 "\\.\pipe\gecko-crash-server-pipe.628" 3080 207568c8058 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2012 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1916,i,12972891009358483093,2427754018695610339,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1916,i,12972891009358483093,2427754018695610339,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1992,i,16377526667353100082,17213963779994839405,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1992,i,16377526667353100082,17213963779994839405,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3932 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3752 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4880 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4892 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.3.2071248564\1771063404" -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4cb5dcf-c018-46f6-8ea8-a022f95388c6} 628 "\\.\pipe\gecko-crash-server-pipe.628" 3712 207569bf658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.4.952758965\461602291" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bace13e9-5f68-433b-8066-e0aa9d27c278} 628 "\\.\pipe\gecko-crash-server-pipe.628" 1336 20754d45958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.5.1447469456\829372835" -childID 4 -isForBrowser -prefsHandle 4564 -prefMapHandle 4560 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {824ef8ba-fb10-4ca6-b7e9-52ad3ce89785} 628 "\\.\pipe\gecko-crash-server-pipe.628" 4388 20745e62258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.6.402210043\482718178" -childID 5 -isForBrowser -prefsHandle 4208 -prefMapHandle 4348 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f686a64a-3964-4634-8fae-ba510827f446} 628 "\\.\pipe\gecko-crash-server-pipe.628" 5272 207590d5e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.8.1739942715\550479907" -childID 7 -isForBrowser -prefsHandle 4272 -prefMapHandle 4256 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5d46f17-dd18-48fc-bb5a-8f1bd8241fdb} 628 "\\.\pipe\gecko-crash-server-pipe.628" 4284 20756827b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.7.1251996675\839220990" -childID 6 -isForBrowser -prefsHandle 5712 -prefMapHandle 4496 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af5aabca-2886-4950-bd3d-c444d5a3a197} 628 "\\.\pipe\gecko-crash-server-pipe.628" 4428 20754d43e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="628.9.1907342314\1102786264" -childID 8 -isForBrowser -prefsHandle 5844 -prefMapHandle 5848 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d58380-f172-4b4c-bd3c-a562b33776a3} 628 "\\.\pipe\gecko-crash-server-pipe.628" 5836 20756829c58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9214715092713874465,2455845665720165071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4368 --field-trial-handle=1984,i,12174172422762593292,14530801930889551940,131072 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8a1d28b5eda8ec0917a7e1796d3aa193
SHA1 5604a535bf3e5492b9bf3ade78ca7d463a4bfdb2
SHA256 dfaf6313fd293f6013f58fb6790fd38ca2f04931403267b7a6aef7bfa81d50bb
SHA512 51b5bec82ff9ffb45fee5c9dd1d51559c351253489ea83a66e290459975d8ca899cde4f3bb5afbaa7a3f0b169f87a7514d8df88baaeec5bd72d190fd6d3e041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1386433ecc349475d39fb1e4f9e149a0
SHA1 f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256 a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512 fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a43c5442720748bc3520106b9b6d4737
SHA1 3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab
SHA256 0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c
SHA512 9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\LOCAL\crashpad_1640_DIHEONSVGRQAPOXA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 99dfa7473894c61f32b857140b181ae3
SHA1 623d730b02b440150ffd5acce8e32ff78d040bce
SHA256 5f62f4569b89d6bf3cbc132bb1a8b08f698e493ed9b84b4733596ce9f46c3cef
SHA512 1669307212b74e9df65459abb098de2bdc0364bdf4d4cfd4bd615d7c5b216857202f4da11f9d7163154b1fffd737ef7dc3e511fcf76518dca6e86ae3b264c5ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 de5764f64a930930cc456eff2e196545
SHA1 b0eb7e7e6eef3e7d04b8b6d8add4e023ca9110a6
SHA256 8ff71e15bb5b4eda638a6ed8a1e17a3cb7a3c6675483a0be8f16bbe18ae73d9e
SHA512 dd1ad67cdb1a467a4c498a2d57018fc090e688349b53b59586c990d2c420551f7473845893ce09bb659b990b4b5d84d4229fcb7403c96ad20e1b3de39f380536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f1c62a7c9857bcc8f2aabf0cd452fde
SHA1 4370c602f48ad20aed18e489241b3cb3df18567e
SHA256 1b0e779bf495f3ef1a51e21aec304ad524ef99e8ffae38fb09735aac0c48f565
SHA512 b6b75955b4aa8b3aa9b49f30ea50d56ae2a7975c0822c570eb62284d1cfd34267bc97fd3d26761c23e6b7daabde41e823c4da0172352851b6c8b95394589eb70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d5d9ffacf46db77e478bd9ab786277b
SHA1 9ae9543754583a84054bf0315ac516219d524dc2
SHA256 35963be7106e9b4b41e98617be7af84f74ac47eac5f52b4dcdecf1e4a604e265
SHA512 ef3e3318099945e90c9ffc9a5e2b80e1967ede64165358f6d3eb2038c12153e5ef1b76a326397262f5cbf9d0e3c7a0369189a963993c8f35af023785a5875f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddaa6447aee3b46775abc18b3a758484
SHA1 1078acc6abb4fe54bb4db3b24eadc9b0839e56c3
SHA256 2f61daaa58a0a8f0ce2796c66ee55fd8c6f297077018a9fdab2f58931ec10b75
SHA512 068b2e5652465abba7fbec3f2be80f06afe1c12e092f078815d365e26a745bab8a610aca5c5e76caab6ecbe207cc8c78a47a47a3d703451f169bcda0e60942c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a773503f55d41a88466d92722c873b8e
SHA1 ede6f110d1fc165d22815eb8ea2db5c60e6d03bf
SHA256 ef61d5187f71445c460f87bfc5362c2e61457cc407a9791b4ef35ac0bbe64af1
SHA512 044b53da6dc2b6fb1735df9797a55ace3753cdeb1042b05686cec92ec905eae572ccd9d9e00568500358afd3cb5871bf7e8112d91a2d72481aa9f698286b2155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 68009d189646db4b4e8098675ea93451
SHA1 7ecb1e65aee94866aed42111cd9dfb8483668450
SHA256 9baff09ba8112dd1b08b931ea059771e04e4fd008b7bdb68b3e1fd96fa1f0d8d
SHA512 ff94562ea4559d7f2fc85cc9d21b89992aeb25d4b0a8f2d589b86bd02a13484337cc2f57f161ef0af38a6635b39eb19cbf9e68655a9bf22d4d6705d5bea3b3d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8ca975d18038c00a7154fe9d1003a14
SHA1 19ea5f1b42aedefa02a6fd847139c39ca6aa86bc
SHA256 3f0db715df4f9ca86a3a726d4a8b725bfd0834993e1f916c8199e0e157285ce1
SHA512 fa69b7ed9f7efb70a06956ab9a0c7b5733a027884d42c370246e6a0bc335026b73a2383c05daca1d4afdca4ae34d4c0aa023a326dddcaff97cc2a149794ab0a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\1a055005-562b-4b54-bf8a-7478fcfbce8f

MD5 f6c80e5e09c2af5e455200a695e7d2f8
SHA1 b2d48b6819ceffe9a3323996b34dad0404965bcd
SHA256 625f6fd3afe36b9c66d5436ac14b595c266f0ee18c48c273707b1e3d43628238
SHA512 d7f35145353bacfa74ac5729976c1151202f36b4a82e593a040c003538e630ab169c3ea73fb1af9b7bfd0f07e8c521b61bee423a040abffdb4f038769e92373c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\57f9ae46-56fa-4da0-8d68-293ab40339ae

MD5 41548e76b454c1755257d11dd34c72e0
SHA1 6cb2b63cb9b20ff0fd47a13cf37431358e475dbd
SHA256 e0f0d24b549f0214ce9d7c3e9c90b38c941da54ae680631038d81844843eed19
SHA512 798ebbbf4b507ef62a2fcb0acfd3c2aa47640f8ad7c3a2bfeb0db35158a27f188101c679326c9ace11ecdb6f7d6030bca5c42d718421e245e5b229bc392774e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

MD5 ffdee7f99bd5fddd642165abe84becd7
SHA1 62599cc0369f4d9ebb8e3018798c893efb7134d5
SHA256 dbd542f565c7d4088d74f585bc55c4d98937d76e34a661ff1e9aa28bdab7f1f6
SHA512 c7a6c81860315164131b13395dd9b18b07672b13600a109562c14b60387eb372977019e09e27b2024db9050dcf78eeeb5555cb353b63c1202d04374a47f7f812

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1e551f77e9ba8e4e72070809d81a6ef7
SHA1 02a60a5f8c406cc1083629b267239e7a5e955d46
SHA256 48c4e44407894516c4d7264e4ff9fca0d500dc7479d24e9fdd39794931f719f0
SHA512 5143b0228e927de946a58b7b39b42df89d64c0b9fe5d7b640b3944674fb52e2045c91fe6a42f8083f5f011c28ead0e3ba9f49d1da8165afe611b4f3e01d8e354

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 4a8d3d0b0b6c46a8b3ae8b68a210f708
SHA1 201f113d218add5855183aba124e94680ab8eb9f
SHA256 621f8d29b9f90a873486224de12afcf6feab418568417a16aba50c6b43b28462
SHA512 d894ee6ea147b612a248d364283dfe0be3e2a4bac051a60bba7c9059f64078cb119dea32bac98a9ddd4087fa04a752f149614af7757a059e7900564a826e2b49

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75de857e1a812ce522dec6ad61abb53e
SHA1 318b6a3203751f32b621e289f99e0e2542ac3487
SHA256 5e13da9a58901328d2ddc1b96c76c4a58e3f76fbcc1f2d2eea9fb9969f25ebbf
SHA512 d6a97d8bd8b0b66fd2939abc2af9b53f35c45cf97e19235ddc535a0b64e1ae3d431439659c3a576dbd385730db67ea66e50a26308bd3d1d97d79189316b94125

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 886a6905806048b27c80d95d69c7876b
SHA1 126d09893715f2feedc937bc7c82248f6917f412
SHA256 fdcd1609981b9ea50215744bec010006cecb56758531cb0884be6feb1df80462
SHA512 fb17cd2382827900d223a079ba0d4c0295ef67e3cc7ee0b04e1bbdbf381ccfd7c9cb212c54c32c5329c8ace44130d86dca47c8a592c975f79e48eb8585750d51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 659c69d3b4495531097400a41bd72803
SHA1 4a250e429d700a321c2e92ae1339e3e57aef2e01
SHA256 737e4fae5494d85eef37ea3430bb7200ffe493508423662fcc18060daa0ae06a
SHA512 b13e1338a66f0c75975591bc85dfe8266549b60206e0879043f49fa94908c5d6c87095a9bd6b2c29a9bb64103d8f44733022f031d4a2292d6695fa58106660ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 0f25e9ae7693dcac68f70df214f0b832
SHA1 9948336ae2575e5017a88dd366b124338bfa38dc
SHA256 a3e80d6724cad3988c3a7af5a2dbf6a2987aa2ff12acd23502e22d0b537fb448
SHA512 099f2f3d1f77654a1943d6b4b5eb2178f7db9eec968806789aecebf889b608feb20d1cd27dc9743bb9daabf8433c89bb7a1d0d1e43d286b46e381a05958ef3d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 318c95f6a88af93627734cbe28d772d5
SHA1 63aa68272cfae46f13616790216b07449f8160d7
SHA256 b168020d44780d73b54b785b5f28dc3dd8d3740ae2c46b1ba0309be7888b5f11
SHA512 e0dba35c17e248d529c9f2c2fb9ac2744c9c3c041a429289d758c1cf88c8e418bb40deb02bc6ac36b5859d0f2c08072d468813ba757521367988a868f791cd95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 6fbacab6ab658d4bd4b7cf05246ee4ac
SHA1 3f18690a9c4d204180c2eb898b8ed17feabefb52
SHA256 4330e722b8bf45f9248622ca985f59547809bf5f44a787c6817c4107878c6046
SHA512 e8fbcd898270d03d29cb00951830f9242ec48dafb0f99097a87c02a8597886647ae80fccaf3c784f520c0a6683e04dc159eafdf8d2025fa0a8616f8287f5b89d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 09767280c6be3cc0d640642a9f57c02f
SHA1 dc745b23570a9712a60402d65ebda5a3abf78d5f
SHA256 48340432df3c3b62dbd1696fea8cf2eeae72e83db7a714442789533bd1860913
SHA512 31992846615c665a5a3d16d3b7a829cbb61fa60e8d5503d5617d65755c80e1e8ade32068d810636484d949bf2a51a7a0d78e0ce8daff8d11a290ba01e87dee5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 ca88210f142c0a0f6ffba766e7ef49d0
SHA1 a7c1d37ca54ed1910b1b5e8ba15326de25ddf4a4
SHA256 2bc9ec061b7883b69f164a16f0f9d19b25dabdd4d59360142a829b24f935b700
SHA512 1caca302e0fc016e19f9e47589745f8dc4347d0a9cb6bb4e98db360481861376af2b08e15ac1c12792445630edb6928c0b820be83eb22efe39b41d978718f28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 5a5c67772d44eca9ecb08e0ead7570af
SHA1 93ffda7f3ac636f88f7a453ba8c536fafc2d858b
SHA256 eef62541016d82bd804928b0fe0123d9ddbc20c2f4c0198ce98ae3adbf9a9c7a
SHA512 14a649db943dc9a756e24a043c5a946ab0dda3cdecbffa090bb71996ca3a35ad674052895a496195799def768ea318ec4ce8b97e4f2350106c84a6c4f50affb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 92a1fa032d4e41ee8c2693e10872f580
SHA1 673ae4ce53d6923d82ad135f2a86294898a5dae7
SHA256 252a26c6b36600861e848d1711f73683f4e86b2f82334cf39b89065e8ffec5c5
SHA512 cd5bd38cc6e376a3ab884173f379e424cbc4016a91c1b7178629ac799d0528156e227047e7425941658a25d19f935b3c585b2af15dd87a7a0cf438262d40470d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f86596c4db31545884c61a413fa22e33
SHA1 0712811596d5962ec4c0a76377be4bf74fcb9d27
SHA256 e565a362199905b1392df97be6893b8a6d7af05a990883131a78c4fc0c3f8c3b
SHA512 84dcbed053bcecce54928a5266b5f66e2c3e5cce0cae9f56761d366eea077b43255b67cd5aed6672c7cd51242750b7337f6349f01f1f801f96a0afa05531f718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 9dc4649fa16988ec78278b9c920f1755
SHA1 39deaa15c46963f39f7495fc3071b8fe73aeac0b
SHA256 7b8f0c37f1c3a657d5aef5d898406bdc1abb324e93dde0a60864f63f298df48d
SHA512 f387f1a16c1c3299c5e7d55897ffd561d55203477a72df2251cd8f7ddd7b5180337f6f34ff7d8d208e7cba0f22a414c72f5e3cf04ce1accd39cb80e2cb2854c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\A3977135D9AB2D3ED3338BDF11E1A80A48EDA0CC

MD5 59eaebfed37518eaef7f4e2f255b137b
SHA1 d76032a2fe54e67235b2e0e4a01203020439202b
SHA256 b6bcfab5341e2191c707b1057af56d2a01871387f0bec34b70a208bf41db0100
SHA512 6e633e4513230e78a8317450082b08d6d37d338575a94eb81452d63d8fa1f4bed9206bdb487287166d2be73a534663861a3a24d479fc27a0db2f65a6548acc62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 db8781d7b824ea71ced5faa21521d5ee
SHA1 fcf164a0d7a30887d6a394663872c85873e0fd1e
SHA256 b52c5f9ccbeba0b0198a258748852a6d82c5fc602b6524a4d5c22902f65fad7d
SHA512 171ad5bc57c9979b9d755c611a0520c350dae74986655fda42819abbd0dff3654757ef441d8df2b732e9311e6fd220979dbe953c71338d37b3237fc7abc29927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae7fb827431eeb79b2f5c58dd490cfcb
SHA1 250a0d54832040b88bccc59dde1dc7318fa08bdb
SHA256 72edbe87a6c3588cdddee4dcdae5a883418b404c283c9f8704987dced1d5d5a5
SHA512 3ca886585d46c5cd825fb32d5a9bab47910aa5d9cc2134b2396bc264d2fcb8eaa3f49d23c36e3666a24e2b9cf63317ed90dbda1f62d0156333e2c07cb168efbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e664066e3aa135f185ed1c194b9fa1f8
SHA1 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA256 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA512 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 a10ee24a1ae7802b3f2663f8832206e3
SHA1 33c313822b61aed7fdc216a61551f1a0511e5428
SHA256 2fd85b4910fefdfd20958ae40bb95b27e97c18d22baf6e1a9d5cf4eda6c2cd74
SHA512 0eeaa72caae875888ab71e30529091df4de86ccc1ce0ac3160e3a7624a5ab643b5cec27f1f120d1c7c9c4fff7b097eb93fc1807eaaa0a2159d74cb410d8e4f56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74ecdf7ce478d3d6d363fa229e0de505
SHA1 6b0c4f6573d4278617a722284ecff60d05c59e96
SHA256 9f2e8036ef69c0ebfa2506e1e60b69904476d90579bfa8b31a0004d68f8053d6
SHA512 367d8172bb5cf8a82709fe01c7f3efb075dbfa1c731a9510fc5a547868f4b7bea71b445a0e7eb454444c859295b3e5ccf418f6a13e5e9f812f4ef56a802ff93d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 4ea9a175c417f4d54509324be9d7235a
SHA1 d73f143c396abf90262651c719199d7a2544db10
SHA256 5106107d186e064b0dd0595531395174a33fec6bb27dc94f77af9cc87647eee8
SHA512 b7b54f95923ad2e7de72d2c15b39a24289966d20f61c6debff99559f71c1a7e0a87e7ab7d2fba1090f47e6a92306d8ed889941d3fc585069c335a1ec8a570d2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 8b19ea5b581aec448ebadc45d34405b8
SHA1 ba6e7e34c59112c59834d8cae1585dbd5507a4d0
SHA256 9cad18aee33f869eab1234a9baac4bea70750f7d085da9fbdf4cca86e7708a82
SHA512 69636a775aa9d12886f0595786781b847d04fb06628da1dbc076455129b0c56dfe7400b486f6cb2c89cdaecc844f158e8360d423a0fe13ec272470e559e7228d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 54a59b1750585f19e9fc657c29d863d9
SHA1 14d9006f4f3a97716b11056146d4d8c77c3596d3
SHA256 3ede124922697dd836943eeddd77fd1c12a45214a781489e68b149b98e29df62
SHA512 dcb72d59195a5e8fb47be0c9bdfcf2dd2882f6cf8db4991fa4242222b5f5755b8172f76e97c2706b4c30d19a753baace708e56d5bd34b802cd54d7a8f773e16b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 59f025c8752dc0cf314f2b9c1d26a383
SHA1 b7d7a4bfae1a75949b36c1f304508eace461e936
SHA256 47f797f2953813a004986142887ec39d909f9c4d400ced2c4a5dfb28c9d4a135
SHA512 317b6761310ed3358e88dcb29fd83e2e4bbd268cac08d1d8bc7fd59000d4c7a6cc836aada9eee8298421d1e5ffae5a1d4fa8435dbb6ddd03cc7563f550fbd94c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 2c09460675a81f993ab39040090c0f89
SHA1 04b66c275abe212c4f06415b6f31f904f2755b96
SHA256 719ba248935e887c1851f1aac3cb14addbde3d9d753ff7413b790656d185b68b
SHA512 80bbed62dde49afcd16d0a12bda10e97b5f38ef670440ab6403480d60b43c66064ff4a7a5c7cc1a43378467f5c1619b7a0cbf3f096b680e03195f920c7a730e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 fcd660130e5be002c938b2c0f759ebd3
SHA1 d4a04536db32b44d933ce6aa95537eedd4e04c8c
SHA256 ab38030f5530d8dddc3da7e9e87d96db9a03fc8655888c15d767588f48b1362c
SHA512 a805fdd6476cfda5849b9beded9deb2a352d4d223fabcac700adcba7226beb2410e9506c78d9e5d44a92f79388aac982f3ba2ae6112e88108dc9f46ad5cf02aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 5745b838ab245b63fff1eb2f1d993f92
SHA1 912e56a991d24a2fccd18b7c21bd1cc9c410c904
SHA256 1fb1738724cfd431a6838c2db1966ab39c2c7da7571d643637521552a4c7ee9a
SHA512 e10245a2d930ea82b73a47454c66022e25fd7dccf55e6929c2310b8515d8faa78090ecc5d5a4fa8ca62185f4dcecfe81f2d99c6ff4bb6b2db6b73e4f239bf325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 f419c846654d3adedb7209c346c1d6aa
SHA1 25496795bafbe90f8ac93cb16f14589f7386277e
SHA256 14f579268a6a4e96da5b92f0ac0b1dc941958fa4698257dd0f0c16d907cfc9ab
SHA512 56337d7b080b41b542778acf6d34b3da13a48b9f5041c7424e15f215314df9a02d15327ed4967ed584d0babf05c6c338350f86144041988493f38938bd151fe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 a78eedec14850de06d8ecf4e5f83af14
SHA1 67d57250d37068018094818bb099e30bf9ddd653
SHA256 e37563793380f93d15f6bcf3a5f3f3cedade06b9e8c3a147fef8e278c9ffe550
SHA512 9b6ef75f70b1a450524d98e17e56c2924aa67e0a6e9a57c810e8e25aad17a85a6e3c27d5ada7b57e91c6779f95403ca21ccee3c5494a9bdec1b28c8eee405371

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5e6a84bfe02040572e2126dbc747791
SHA1 36aa6fd1262ab0c85e5bbb04c1217e6f94b7976d
SHA256 0aea74821ededc0576919b2b8038218327373777e37a3d22cd84a1dfa314d468
SHA512 8d272ee1d6384e1dd9bf62153cc3c54ce8a447c9d20bed45738f1e176dca45709d8642c9ff7e6ea7af9ce4a68109a10eaa27ce33433da98a67d67da28dd90e62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 fb738a583cf1855b5c7150a5facf0007
SHA1 19c4877c4902db2da5d95f779bb1861946816556
SHA256 31967e4ac397c1dbe0b2f82f54b3e60aff16ed57c29570f59481792b2ddd7c6b
SHA512 2748b1545d84efbc26272f117ceee03926bedb12998d1c3ea1036d96c5d1945d3f03e15b63a4ed96a1393201c6d6c01fca1523c5a74645b9c85250148fc27243

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 481d0e9bd72e947acde0d25e800e07fb
SHA1 73e6eb2bea32d96be96ca0fd9d44aaa0a9096246
SHA256 3a82a8aea7bb51ed8da01330d412cf3d1ce87d715360aa5fb57e93fbcea88170
SHA512 bce401c37e86248f3fcf675fb1dcefb2b350b16b86d2918445a62d376a0f3b2c54b8078e874ef209309e6c1c823b8519017ae7e914200bd96a39ea2c2389775b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\DE806E1808612DF10576B6E06F58BD67F29D9FBF

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\91327050A5D76DEDF98ADB9E359869511B7AF892

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\1445F77B0EC9E1240A7B6CB742565EECCE6202A8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5799cf.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
