Malware Analysis Report

2024-11-16 15:52

Sample ID 240206-js9mjadaan
Target 5f331c660626b947f098a263754d22ae.exe
SHA256 e028b69c412d25e690a2a2bed4d6988496ac6bf11f7521c5956182e6c57a3899
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e028b69c412d25e690a2a2bed4d6988496ac6bf11f7521c5956182e6c57a3899

Threat Level: Known bad

The file 5f331c660626b947f098a263754d22ae.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks processor information in registry

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 07:57

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 07:57

Reported

2024-02-06 07:59

Platform

win7-20231129-en

Max time kernel

80s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0ed7f28d258da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d780000000002000000000010660000000100002000000007e5be70650fedc5a9da247c3d470c17ff706fa3d7c218d6d85f8263a24215d3000000000e80000000020000200000003e1c804b7c0516065289366e9f747a28a880f79aeb0fb4cf9244129e6a76093390000000b9d01fe2de1cb786c769d096ef26aeac3c56f4b8b5f18dd31bc498448204c094c71f7db40dcde688ae8c38858f79009f4a578750a631dd1659e6d9001123bf8555546ac08e8a97f0ba0744f3751cf0fe4190d7dd7f95f564dc529eb22b309b750fb48700055066b685b4a5203d419b8e2fb3a8acf5e7a01d6c099314929d8c6c435fd0ec1c0d98a40735b39edbaea45e400000003255aa72656ba27ff2bb19583eafdb0a6cfdebd02335f4c78a057de9df429073fc4303969d661202a2afbdffcde9c0eaa8ef9ced829884e696b8dd3f3d0faf71 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52E8D4C1-C4C5-11EE-BEA9-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52E8ADB1-C4C5-11EE-BEA9-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413368094" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52E886A1-C4C5-11EE-BEA9-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d780000000002000000000010660000000100002000000031f25eb80dedb286d67ab4c56ed8fe26c0d524f2f7ff801045bcb79eaa964470000000000e80000000020000200000001071e7b4ba69a6ad6420f394f168f947adef3b4a604d108b666f27da42b0e31420000000cad8bd3afde99a209eb9dd0c5c3a7537fc4ec5f57f291c75e00700de9478550d400000000f59b2ec02c1bf17ff1e6e7f76391b44c8e1ae766e993e9f0c2495cc65d1cb4f960cc316a182eb0ce1bd8c5bf3aaa8df9d6e20e07054222d9072687c62c5fc1e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1540 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1540 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2196 wrote to memory of 2548 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2548 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2548 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2548 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1960 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1960 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1960 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1960 wrote to memory of 2832 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2176 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2176 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2176 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2176 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1540 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2840 wrote to memory of 3000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2840 wrote to memory of 3000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2840 wrote to memory of 3000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 876 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 876 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 876 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1540 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 2644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1540 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2204 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2204 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe

"C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6df9758,0x7fef6df9768,0x7fef6df9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6df9758,0x7fef6df9768,0x7fef6df9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6df9758,0x7fef6df9768,0x7fef6df9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.0.1355806166\1860967604" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1216 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a02fdbbe-d956-4715-89ee-ce4f6446243a} 960 "\\.\pipe\gecko-crash-server-pipe.960" 1344 106f5a58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1312,i,15239898139894517118,7717063764257188547,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.1.635649365\522598962" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {887fb08d-b2b9-4b4a-a89e-3b6f25c8518e} 960 "\\.\pipe\gecko-crash-server-pipe.960" 1532 44cee58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1312,i,15239898139894517118,7717063764257188547,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1316,i,3669441186641442677,9535587719081832079,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1316,i,3669441186641442677,9535587719081832079,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2688 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2716 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.2.951032516\387050418" -childID 1 -isForBrowser -prefsHandle 1960 -prefMapHandle 1968 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25fdd52e-340f-48c8-8da0-acb73b42049b} 960 "\\.\pipe\gecko-crash-server-pipe.960" 1952 1b005f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.3.1445307154\9555730" -childID 2 -isForBrowser -prefsHandle 2812 -prefMapHandle 2808 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d518b1-dcbe-4a9f-b1fb-a717eda85be2} 960 "\\.\pipe\gecko-crash-server-pipe.960" 2824 e62b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3392 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3416 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.4.1147530142\107412390" -childID 3 -isForBrowser -prefsHandle 3528 -prefMapHandle 3532 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c34dbb1-604c-4c58-b28a-9c93da001e11} 960 "\\.\pipe\gecko-crash-server-pipe.960" 3772 1f22d858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.5.904859474\1752303849" -childID 4 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2803254a-95b4-4359-b5ee-807608abf85f} 960 "\\.\pipe\gecko-crash-server-pipe.960" 3856 1f2fb858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.6.356363696\127360454" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ec505a-2817-4b75-97f1-fd8da3553888} 960 "\\.\pipe\gecko-crash-server-pipe.960" 4032 1f5ce558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2436 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1428 --field-trial-handle=1372,i,17839542756493993398,2020577216051971518,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.7.975944524\887977565" -childID 6 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f8715ad-3b47-481b-8196-502d728e0c8b} 960 "\\.\pipe\gecko-crash-server-pipe.960" 4388 205ea858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.8.1739891020\1479749860" -childID 7 -isForBrowser -prefsHandle 4476 -prefMapHandle 4480 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edcfe510-a8ff-4908-be02-41e7f1a8608c} 960 "\\.\pipe\gecko-crash-server-pipe.960" 4464 22451258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.9.1678403412\550287602" -parentBuildID 20221007134813 -prefsHandle 4652 -prefMapHandle 4656 -prefsLen 26387 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04aa1541-c8db-48cf-9b57-7d475e31a084} 960 "\\.\pipe\gecko-crash-server-pipe.960" 4640 20f72b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.10.1567312013\254068945" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4816 -prefMapHandle 4812 -prefsLen 26387 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c80ec320-db76-4e7a-8b1f-a7c1eacd2f66} 960 "\\.\pipe\gecko-crash-server-pipe.960" 4828 e60758 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="960.11.1596954287\721280897" -childID 8 -isForBrowser -prefsHandle 4276 -prefMapHandle 4272 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {421157b4-b78f-4e3b-961e-7d28d88dcf83} 960 "\\.\pipe\gecko-crash-server-pipe.960" 5112 2072c158 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 92.123.128.142:80 www.bing.com tcp
GB 92.123.128.142:80 www.bing.com tcp
GB 92.123.128.132:80 www.bing.com tcp
GB 92.123.128.132:80 www.bing.com tcp
GB 92.123.128.191:80 www.bing.com tcp
GB 92.123.128.191:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 44.238.194.110:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 216.58.212.206:443 www.youtube.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 rr1---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.70:443 rr1---sn-5hne6nsr.googlevideo.com tcp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:50250 tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
N/A 127.0.0.1:50322 tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp

Files

memory/1540-0-0x0000000002850000-0x0000000002851000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{52E886A1-C4C5-11EE-BEA9-FE29290FA5F9}.dat

MD5 561beb4ebcce7f9dd7c50fc5895bc8c6
SHA1 c8fdb121da249a7a7dc742136382c456479847de
SHA256 0ac74a64dace17ef0a0f9bca18e301a0677e7e069eca812bcfea5391f16d8657
SHA512 622f66de73fa8ef156ca88a5b357c40402370be6763ec8c33b74f9fec44f94c4ebaddfa0f56716464099c5586a70ef52050b7bc5951904d1221f8b787703d0e7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{52E8D4C1-C4C5-11EE-BEA9-FE29290FA5F9}.dat

MD5 5521a4e20fd248f924bf5c19b1f21d70
SHA1 d6dfb9d68ac5fd6434aa03d7f5bee7ef5c46bbda
SHA256 227aa78bf918e45afa492412fc2b2212f63e798da1630037b8b4cbbfadb90fff
SHA512 4951aa3015dea10e5f06730b2592a222cb1868cf6b3460d4535a069098619737237e247cfd0ad333828c21ad953289df8a445b2d097ea9a29ff65991dd31e09d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{52E886A1-C4C5-11EE-BEA9-FE29290FA5F9}.dat

MD5 cf4e1088ff3e11fa4f2393549d76e100
SHA1 6be08eff91b0260b1fae466e78849c7467ee8298
SHA256 210db78dea880031cd06ba94234645474310225fbb8bc012ad6d4c87c988b2d2
SHA512 f9e96621dc22e37df0925f68a90118db023a56387f037ea9935c8552413bacf3465cfee9fea07211bae4831645a08018c24a3f603bb1949c80ca59458882d88a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 38113387dc8ab6aa060577f1c59cd504
SHA1 aa1877a5e4da27cca60de4de37f843dfe150d87a
SHA256 cea28eff95b603b4fd3bb6293acf540522738bb009dda40424673b08f1f1525e
SHA512 7acfc8e7500e92aac2197252839b219aa6741c43665a6caab82bebddfd3202143fa865a8a70f2bbf82e69450f962c82944621b7bcdbd9e289ddfab082e999fa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\Local\Temp\Cab9F0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b024bd85af0315d100636381312b8f5
SHA1 a2eb174ccc9d9a2e04db48c049822ae6f2413deb
SHA256 ab40e90abeb80c13c89ab6a803fc53c2684183010ada5f1371cfd3f563bb9f8a
SHA512 ca951bbbeb62027d4840850f651c26eed70b2f46b8e20ded4b006e21b82aeadc98b6b6f84300bda4a05d346668c3087d75848d3b9d372d8a345b6bd5dc1373ac

C:\Users\Admin\AppData\Local\Temp\TarA4E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cada3154d5757d2b5101e7f53df956f
SHA1 fca1196d47ee2e3ba9453b51dbe89164b464a77e
SHA256 8bb97b19e63e62956172fd7e8d70c65c176387d84d83169ed59e9f581a92df00
SHA512 5fadcee470d718718912cf06da186f87bc49c69f22481e0ef41dd9528d707dfaff0558f33a8c26611b1afe3f24e009a85e867afea81813212581ea524c74bc9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce6ce9d238d198eadcb4ecd53005bef5
SHA1 882946fe1019f74c9dde404270212442303d0b7d
SHA256 15423f70223e2a2963c26cf53c4c984913e98b64949760d42d1d7a1c80044e76
SHA512 f7f0ae3cf72bfe3943a11ce8517efbfc0c6e49aeb2e30afc031df19fa8f8cb3365789235e588610e7ab3a3ea69f9c58e3d2e1dee5d60ed8c2b81c6cb47fc7a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 75755edfaacb8a3ab4e6679fcf6acba6
SHA1 a5f55dcf4cb8bfc7201a25d47cc624222fba4478
SHA256 15972299f17ec04ec9e3a404037a2129d5f9be06031858082eb1c289c38fe9c9
SHA512 6fb844f4289f52f89a3f9255ec080b0a69fb2d376b4006181e13abd78eb12206c639f17ef8531907a165ffa6e2a6ab910e8bef84da06a5b5632240191d57b5f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 126754b60b6f0ce247869c4e50bb3bd4
SHA1 b1bdf7456ebdc6fd53d2500f559e61d61acde283
SHA256 9ac64a3967b32dd515aa586822810251a5f8829385b0b8f20a6519b879e583c6
SHA512 4d3902f477a80c0d5b566a3540c4ca898c38feb0be91c04006574d14fc84c2c164a6bece91b2045e206f26a7aa75eb92234040f291bc8c5167fe7d96fef1b7b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcae016f1c49d9ca2efb9d8114af8602
SHA1 94d119f8ab13b79a96446f8921e11e8c655b0e71
SHA256 969815f572d8d7acdcf7bd84645719541a759eb364a065c9936e5e36687fc0b4
SHA512 88c412cb5ba69a172b8f1745be9c551b24c55d53ebdd2df2004e2a498265a1561c6f12c63e717e454235cf36300a495177a47c8b868cfc603f21aca404511678

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 80ad81e636534d6412e776ddcbb793f3
SHA1 a49d34f5dcdffa9568941e5ccf8263d2e2449124
SHA256 fbd608a7963a069fe01adce235bae422aeb20b3cbf2f0130393330b118510b10
SHA512 93e48b1d0940e842292ba257bffe4ff31ba124e33ea5a1b12c58f848c592adde8425ed606b4073582ba6b068c83b3438330db5603bedcc6b08d1513fc0e57ba0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a0b63d315b1a6d763785d33e2b012991
SHA1 6d813b35f7750a138077fa4fd3fc7aeff05c89b5
SHA256 46d505297e9e4d9e7c53422ea4ef00f7428782e779bf5f8830d862c81f144c26
SHA512 6fef92b8b27348bed8b94220adc74173b1d7d1aa995d8404c32051c03fdd2fc4b946a31c60e3152ea17ec045f957d341f92e3bcd222a2662700b71aa83216d3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3e2c5eee2873875519252e2fd9c5f2ee
SHA1 1b606ee20f84a4861c7a880b9a29e1cb749d6e6b
SHA256 f08b6680eee4f004d055c42e0bff5aa8849be5929f11af76d69063e215244a55
SHA512 c845d51c13ac75af6d24ed07bcf569e2a6f286a5883688ecfa6c836d4fe828020f3f7accbde456d822cae2c70d1891074239c45be770fdb440f911f058a83c86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 998084889a6e06382218e1293c72f9af
SHA1 2ddf95cea94651ecab3e66f98b534bb5e0cc58e8
SHA256 a8b4634bb4e91e2fdd49f91a689e37d6f4cbdf359e02394437b9729acd490067
SHA512 ea5cc3e49b82fa04d51ac82c79f92efb60382ceabfcb3177780311ba3990e3e5bca21ae45dd1e6567b45822799456115a8589fdee7f431bbb4fd50a76c02f86a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 06eeeffb4e7335deb1974e39b4cbddc9
SHA1 3778c1263640c9ee4c1ac69b50e09da7d7102808
SHA256 4dd1375534702b951aa0ce20da26233a0259c1ffa217f65e47f072e23f926f12
SHA512 2d4c303f12c475b45f5812b315fd91507d81d5678df39bd88eb4fa9c996ec940aa2c8b155c97dfb43b2dcbc9052e3944eb9b9056cd5111c9e3b04a7b6f324fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 33082e8ad263fda0b99c524aa4782d80
SHA1 57c8fa1f9b628f9c9e22bbb7e0f1c3c5678f8f3b
SHA256 c879b58ba8f0f4f1b9c99a10d75075a435fdb63926f2fc0df30dd8f989d89be3
SHA512 76d8cb3183dedf57dd1307e2d63a923d3ed9d9d2c0ec053af116a53387cab8c79474d00905f8218d5851491b5e664b1a5ea83ef99b8370570089dd88e5c3f719

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 79911c7613d182b9a8240702d6a82fab
SHA1 9b4471109318d5eaf0c5fc3778c8985ebaa74c41
SHA256 d9eff812a65f109a0ac1a1e26dc1de1029a340b41d81f870cac86f788334d05b
SHA512 8c6144958a246a52aed542610ef5e38b6f727c729d37dbb6e861365393e9495b096068a0f9ce21039e584ecd027248aaa4ee199f74e4dfb4096c3ce5b6e4ca57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5a765915a417e50e565f00648f0a896
SHA1 bb8f2adf3b6e3876e090099876c4d87ea6380c6f
SHA256 d7a16a1caf4292cd5b3a003e23b081860ac7e2dca468296d7786b80832cefa37
SHA512 9bba295740875e9a628bf3a417d65fa3e7c32ddaba85e47d5227da785b28fdfdbf3bc93f8a5626e474c918d669e555f6ec25b77c8bfff640aaf252e3abcc5ab5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6aeb70fc5da22c70b34ef57dd7a37d13
SHA1 34622a73c6c0e18aa935c0134e7354b97bd8f206
SHA256 c8fcad40e194b5998fd019bd6f8658ccb9397ea27028d7224cfe610077bfa3ac
SHA512 456d7dd5c8beaa9e4eb900ff094dc6b69355e5804a1a45ef9c4b6ca29bf21bc39b999cfabcdef7b1281ce3998ba95ffd1abfe34c5aa49d4c3b95298ef9dd7dde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ab94c8c4e6b26d200695c2fa50e14910
SHA1 a24591da54a7ffc9666993a94de01528e81f7eee
SHA256 2447c6d8163a812e587e89813030a21539113b92a0f93a9135228ec68eb5a475
SHA512 4e65aa7d744a4201fee3ee5f84e59a69f2fa7bb97d7c04b1d90e6bbf643c534e0d5c937cb1053576486c7e071dd4ede9d7d40c9aeaf304893746371afaca6651

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 85aba89c53bb7c2a4f540128473bc3b1
SHA1 493feea8df0a909b5b0e0cdc04c86b193fc76f27
SHA256 98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1
SHA512 08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 29f47bc856996fd33a42af570dfde33a
SHA1 857ddd25ab812cbcfdeaa69197e11864fd056a20
SHA256 8da92c908f26641c9d8abdabb6b7056bf6511e2c7fb835f23857c75d06806963
SHA512 ba33aead33b20e94c1a448960d5b066900a578855144d8ed78fca2db2bfc5e94c6a6aaade285b17ec8f2e94d0c605812a4c764c5deb6c5f7e510db912b8335fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 f945c23845edb18716a949aeb065d514
SHA1 c755a2803796605e31e546d82cd7a2808dda7136
SHA256 880ce327d1140d682914f17188a4e5e23d338fa0a2beb2cf52d9463164fd6010
SHA512 3e43a25f8193ef2e19ba8837108d49cc9b244dfb7c180b15d73d263db48bd986cfc08a50f85b7e8ba63bc2b925faa466822a29a81dff5fbbd7d9c8707cf735eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CII0R08X\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 fdd5af78dd241613a5783a465bb82b6b
SHA1 926214784fc4456cfc0bc08a5b8e991e17c47a51
SHA256 352e616500c5bb67e63a4dcbd7ffd8ab3c74f513b1029cdfc50963fd6f9b9fd0
SHA512 fb811a7957bc36ee6b801ee83117062f730d204709e17b0bcf12b353e792910e22653b332a811c31883c478297fb633ef38f92948db4cc55b089abfb579a16d1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UPM75KZV.txt

MD5 607d48c188e1f6b644f46eecfb8a8c95
SHA1 b887b9d3a8d1685b44805db8398e3efa2b234232
SHA256 d12d8201ab79cd707e380bda489fe8f519c2fa2d1253e7afa8d2242fbaa274d1
SHA512 94882b9cdbf8e592d779c0d1927c71dfab9fb17265b9c812cfc214d2039a209cb4c76916f97406f03d45ca607250f97bace806519d027377360393397e370090

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7d10d6a2d05142b2f7de42728ab93a9d
SHA1 dd26f063d2bf4688cd996ea46ec9c79f9702483a
SHA256 a06c2f6ee0ae9af14551ac19e95835bf20b775d835b558529eb5979d474f0919
SHA512 74738a2f5fea62431113b09022d031000ee1ee3fd15d0c02dcce313c1f67d7c9176d13a715653d1fd23ed10c8c8fbdeccfe09bdd17511e3f92e218ba151e9139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bf97398912c3229be306f3263b42c625
SHA1 5cffe98223280e6b1c056dc205ed65ece05e33b9
SHA256 eb74f45a067a0c4da483e854e4f653d50e1de436f0605aa5c85c6c9b4fbf228f
SHA512 2b16e5677224d57de77dab156d9a4a45c41122a69ee1f02b5647f22d5654b2693210a96c99a49af6120136d0f144c11aceee6befe98f317d9ebdb31cd9e744b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2QZO110\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 3be12b1ef4e295fb2d956cf8bc641756
SHA1 979555cba99ff43d095b2814259c309fd7cf51d3
SHA256 dad30b9c8c3dd3056edfba732a951c64c57227dfb3f8fe20d754f24ccc79a603
SHA512 f54ad2dc4ff23d4b5af983e60ef446eb53f45dda0a6b10d513c4d187bf8055661c0e3f1bb3d5121350c2cfb2f003df5cd9c1a242287681fd58a38081f2d628df

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CII0R08X\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 c86762e08370e1e4ab7635fd8d90687a
SHA1 d682c757b58142d581ff9a43c2c2bf09faa5979b
SHA256 abd1b42d1a67980f7ffa66bccb4d0eadc035a514409d4ee7176f3fcda7169f19
SHA512 187db94982612262edd8c5e7c5a6bbf2c5ddf6dc1d7561c31293cc5630f7b0ea274c38e7ace58fe54deb7255224d6e9c46a635cbf8d25d40e56fec30823b9a56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 757375630bca4779e359bba3e73da751
SHA1 25179c185ebe6d6b2cfb7d189f6deae9793e975c
SHA256 3264c70f7af1b80c7357b6e2ad8ad51a09ac0a973b25d477d38491d818ba20ab
SHA512 b8138c48a2a9d91e0e10bd8786e3c76fe2f397bd32592de104dbd06fb7bee982863d70f6e9415e14245e28ffb786ba59954687fcebbb65e53306f093040b39e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6826a2b17927348091066393cd3e55f3
SHA1 ef8c53596fe8bbc26e8e5df4e87434136f32633c
SHA256 6d8e359b5106329bd0c76d50954fe7073c7958c739d2274b141fb63cad95dc6e
SHA512 546baba6dfe740308474c3985ec4a9d21184bbd5e0013b7ce52656100d1e6b974d8501f8cf04c8f87d951f0b5cc767f4d23e104284893bf608dc5324f7a74fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a60b45ed7aabe25dc28923b4c25effe3
SHA1 9385fe20041793af492910e22d922eec9061ab91
SHA256 514e27118e1a62362f2930579678866ee3c37a4f6545be6060cf785d12fdb2a6
SHA512 2a800a2e62cf1e74617ea6fde48a43cacb0868112dce772d55daa06e745dbf27724177e32433a30d44735d551ef8aac805f125af0680121014efda2bf4683aa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83961b14425d96cca9fd9027ce35c840
SHA1 52ae0380bc81804d76811d219a2d8544b6618300
SHA256 a6895b97f912bc0f542f09a1a88e9962ba966fb2ac2d2f40f24f68acc14807f7
SHA512 47115f3746cf128842b9fd61ca3457047a68172e05e04fadf30f7a008b50f172b3dbcc88e464629a209f12870bef460b6d3dc9bd82123ab37ac278859657f3dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 739d29b5cda41975225121d58549bfc2
SHA1 405f2236f78db2d89e349986b90f6d808a5d420b
SHA256 b2cd37fb412bfed607a4176870efb5503b8ab9cbe3548dd1430bcc942292979a
SHA512 59a28fe47649f9bae4ed74590318248e5e84ad38cf5d998ec9fe6c19705f825dae7084dc6265e3e1ee625ebe632c968d867572702217fca82fc61ffd59d53132

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa0e5e22282d285e1c2fc5d4d9b5ac9f
SHA1 8d5a15a390ea5395cb939c0a1ebd180987c78326
SHA256 aa837ddc927dacb7f3d77ec8439af1ce36017f1920e2595d510c97fa6474811b
SHA512 79de206014b2bb8ea9aa097c9a474b3b81f0aa608b67257f3705e64e06550ffa457a879c0e79d3df28e94794b62fa5e1fc3d3957aeed379039de243c7294dde6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 750be487891f5f734e4947a9c17e3f16
SHA1 bdd73815979f90689a0ae049601b94bf7384eac5
SHA256 b0387e14dff4f172b0d9fb118cee2d8f1c16cd40215faa10b9b0264f3c675a08
SHA512 88bf81d75524f3d755d8390c3437ad9895d6bed5574ebe344264da3fb244aab19911e11e1f0e335cd7fb8cfa955576bee8f2d20a09fc729648d38c1cdd19ce11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfd1676307b83b78f2dab5f34f0f9450
SHA1 fd07d59b47482c539ff0e07c5468cbdaa0cb1b86
SHA256 60ecb4b981a78d4aa367f797bb5a8d7ace4cfd8825861f3450bf94a41ed23c7d
SHA512 cb183c5900eb33088ae367fb258a50446159ec8cc688d4c0ff462f11e828a067a452a7f5c980ebd3382a502ab2a1566b036d7383fc311a357c7bf1230d5aca91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e58c3f5271fd06053e4be802fab9cf2
SHA1 0d77eec668f866dfd46389699a6703274af6990c
SHA256 b24a6a9176330248c70f5c361bbc349ff80ec9fca4d958e22878dadc1cf7ce30
SHA512 f30e02751efecffa7be988599d539478776ef11716664e66b5e332c5428c76ae52a6bfc5d765dca64ff9fba6fc959cf266659f7a11592a398bbe815a252ec9c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbdff892335c1714210b5caa3d67ab22
SHA1 43c73b6183b9325ab4fe5f5e0b814ba276ed8293
SHA256 6c9fe93e6c6a7adc3ee606e7f66a05b0d1ccd52669206e1cff1979441079e3e1
SHA512 ac556006fbc1cf2b428fee45caef331912e0b2b75d3dcb29afc9467b17372a35333947991a8e6b3eadfb1f4b1611370020fb0ab6a426e22f262e661f1c22872a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3E9OTGR\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/1540-971-0x0000000002850000-0x0000000002851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2840_UTJLPQXVKUTHXHSP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a5675a94-667c-46aa-ac94-dfe13511934b.tmp

MD5 3c0a69e176654bb1e35501973cd65e08
SHA1 eab91e1c3b51705422865f8cdd79d015c5762620
SHA256 25b4954d886595e2516a482bb0c9be5bc12ac9073596fc895057d35508b412fb
SHA512 df3288a83bf1b1aeb2c77935283b9185f3ce6d57d92fc1a111ea10c98518d49d6e0c69afc811f9b1add209058999a9caef1967ef42a13a02eb7ee1a0776800c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d7421eb1-6047-4717-b879-f913ecc21730.tmp

MD5 5165fadeee38876061faad980b7ba665
SHA1 941af9961815bfd309b3126c6b1c675d197e0ce4
SHA256 ad538ea1675b16d23344a08c0e296239509436f7320d1972de99347268dcb755
SHA512 f4a09c3afca915c194f1d042e632697e933e79b149db02b41a8c8af4e6dc197808d09227cd52e112cb0cfcb9bfb52733d88ea373582f2c4c9c1db32015b8a56b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 eddd314105dcf1bd3aa31c1543dc7d04
SHA1 4e41bd9379021481377ce142e16c3a0060dcdc5c
SHA256 5e4c614bb2c9ef930e9725615c0ceeda846b9d38e8c66235aedb77e5a1c5d6c2
SHA512 c47ed8e33fc7b81abf659f6bf6b6c3449447de7058fa05a4a0f81bfe4bcd95e9eb60c29910e6d73e4efa0a2b3ad80b7892d6417765e9d0c926b042f798959cbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 3c52b36007d68d22f0fd65955d15e6a6
SHA1 174003acc9da665059fa0c7ccbcd3ad76b3292e5
SHA256 1330dca94e8bb03d255665c3777d2e54668e99b41b5b3936d7f2bd85604b82a3
SHA512 b74e2b767d94397059cbb7803dffab51b9a76c429c7be0d34ffff338f3277c1869997169a053b9d63aecd059589d67913297c2e936d4fd21409ba4f84c6eb16e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\a67b4f30-f14d-4d67-bcd7-655d7f039149

MD5 4296d0f431dcfce6efa8c24238269d7b
SHA1 6901ff217b5b77ee1250148ec2cb0a3d55490412
SHA256 39abe911b2c7028745b153bace37b0254e57f6fe47d9788f547a07256031afd1
SHA512 788ee1af4a7097c1d0a2c26170a79a5b7a88d672852a322ad43d87a2f3b5325807d8a4e2f5ecb0bc5710e803874604ebc05d381d7be5a4e66926e43aeced1546

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\f32f95e1-8dcb-4fb5-b7d1-e49f79f8676c

MD5 0b1d718e144018308e4de788118ab93a
SHA1 e26f389f5fa1357c7db1927ade2361dc5ada4055
SHA256 84ba7fe0d038f9b38782dc8e453e1324073fbf9226656429735386269d4b2c00
SHA512 6f983b6855d40ab6080dd0b1b6385a8b6e43d735229e88754eb106712cb8180411e48b0667310b0523c7bb53a3edf66edc6eda9faf6b4d153703b283688cf93c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 cd1b16df74cde32f4e6e1ff9a27e8993
SHA1 e9acb4d1d95d5c0a2808fbb1a16a33424e87439b
SHA256 fc562a67f7bc7e164a083398ad0c4e97f178081bb6f5c2f1f8e2c0e7ddefa35f
SHA512 cef6cc4bfe606c8471531ea3446ee3454dabef19a457747adaa824b9c1e3991316733cd70f429ab2952f96cbe3d7ad4cadcfea516b5bf6fd081fd908475a1ccb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 aae4f91585badc5b363896208937ded6
SHA1 a5db3af0e87937bc85cc4a3237b160e8b2428a18
SHA256 b7c27029b84c5ba2f368c11a39f8eeff441d86a2539662d8990cd85f2d2946b8
SHA512 60c26c5cb669453c99e83aaa16c5d9bd10b2794dfda4bd1626095a25175a6883797c53d361f989007f244af83125b852ff90bd1e3a5a3de49138aa08a06bd0f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76819e.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 da6c5cf432523894d79ce3f83d799df5
SHA1 18a457504d43582a4c030b44a1d9d49702a51f0a
SHA256 39d290bf6700b2e9f693b49f3a83977f160726fe4a92ac694120025dcdca26c0
SHA512 6d553ed258fb45a0528105859c34c62feb85fb515699abd39464c1dfe1bc65561e9c0b779da282dfa6f502a96d5946d61e1ea24990ed27f39038ae7ed14789cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e0670338ffe1685d04e0eac80a5ecf94
SHA1 044cfa374d6cb2a7fd358213cb53121bc3b5fd3b
SHA256 7fbe045620a1c74aae0be584177454926381940d6647b2c8a43f5686528377f3
SHA512 d193d54c0f4e19827d882ff01e87965fdefccea19082b090dd8a149cc83eef25657531dff4ac4060ece8a487b0301e86ea6545ea6650cd839c203b8d7dcba78b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\120\{4dd94372-0f35-4df7-821e-8e07ab1a2778}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\idb\3785531573yCt7-%iCt7-%r2e1sap4o.sqlite

MD5 97de2222bde177d3d0f53222f7810160
SHA1 39ac62290b4ae1b37660c71dda0affbab582071b
SHA256 ce92d90f915d2aae6337445b8f69d5520f5fb37d5f09dfd3c0b3532a54a792e3
SHA512 8a7de64297a206fa1fd9c66ed78879fe33023bd568f32f1b5ae756a3be7410fec4df6e24f334d01a790480cbe9d0d2ecd0b424102c8d1c95dfe9490439ae9e56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9c78e31d241b16eba9e1b7d00c4336ef
SHA1 7ff8df11ae876038b4a3c6c1c597892b647e0af3
SHA256 e991a1e297408a999d2d2556a43b22593da57f628fe30f16a6fddf2a86dc1845
SHA512 558b23ae53279e9457f0f9704fc4e86468865fcb1ce5e674a4b5ff0e02176e0fe9864dca6953bb5738fe55046d5b6389880afc213bd9eb4e5720ec708f4ca338

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 a9d96fc2ef7ded1b018b9d795d3ba027
SHA1 a7bad84249073d3a77c63aaf32c152e0ceb9a4c4
SHA256 a2466b685b067fe10a4b98291a0781a2d67bd5c50343df2cfe97b5cdc186443e
SHA512 1779bbc289924b7f9501a077507116c07a5236890fdd828d0ca1f1c2fd32b0b8f2a333943d39e60b76b570c1a48d595a501e89d101d4a5cc39389e0430899818

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f3a870a08d5ecfbdbf20a5b06b3d90b
SHA1 887c0e28e232ca1085b117534827ac3be42041da
SHA256 8d70941961f815bc9923b87b8b24e19f50884df9f08be0f20c4349f9ae0718a8
SHA512 b178981bb1ba41ee377260b0fc0024dc1cb629c1f72319c085d6b78b05bce52df17461185a791ef3eafc53707da7b9d465ed960431b982fe63005168b2550517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d1e497e41ccc6ab06c839b5d7a6bcd0
SHA1 a66f6c8568d753ab9443dc3084f816f1f8e2ef79
SHA256 7ab912b6436267aa6fa84bc877943cbb1317cb6dce734d2577ecf07e05c3bd5a
SHA512 20e47bf3b873114f3c630793a87e344db0629dab1fd9bab545d09abddff1bdbab4895545390099f87c436b11bad111cb9a30adbdd91ff7442049e9c9bf8c2ed6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a96108edc4c7fc8c49c98b0629dd659
SHA1 fc138028771b6d1feecbe2957c5ea18292db2512
SHA256 e18925472e39f6b89fd9f4fd674761c54bcd6e05d2859ee5ec0f2eafa2b23057
SHA512 22706c40fb2e8731c653c4e535c9e20a0ae84678aa5d3759bd6cf45cfc094abc919ec2c25e38e59f514a002ddacacae0013fd1aac3c03ee6ae584110c2caaafa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e846e86f657d810e98ef5075f6a13b0f
SHA1 d6774ef90ed326b2c2263d95f173f1beb8e40001
SHA256 b2e7b96d23771cde2d9cbd3e7c3aaf6b689dfe21b0634e17dbb3d84afcf1d7fa
SHA512 10f485b78bdf002cc3ab1fbc9080b88ca75ce1fcf07f41daf7a6ecb39ee39cdcf2ef208761225afcda9de76213f14ff643c31e7bee20b98082b11f29040909ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4332ed04081286a558afeca2806667b
SHA1 c8ba56516433bb8e513b06dbb10dc119d30374fc
SHA256 dfd528f524699cb52407c2de3847854da438c4bfe1a8d21aca89434fbc2faacc
SHA512 6d8a193d7dc53b788431d4f2edc6e15da2f83584e664c9b3bfa479db78edd863b86d439d3d7a27385393573428ed467b5ac5d0007243c84e8d76cd44c7e4af53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 596d0f79e88916798d7e690cb406a430
SHA1 2799c1a657ea620b09dfa95b30adbbb241951614
SHA256 a1827572815832c281406e125c0228a033675772480deddc3c3158e11efae7ef
SHA512 feaaf57ec9b5086b765e1fbdf13adae45a6f1068dae6db096a677b64c3d885593fb1a0b417f1fbaa85f814ad3b75e9a73eeb89a1bd37a98e806afe82e5958995

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b60c11f31c5f6a376f2ee18d47bbaf0
SHA1 6be1c452490b18321c813165a6c2582369f9c085
SHA256 4fbe5436c92a28905fb011bc3ccb9ce357b10c8cc24b4f59ac4b8a1e0f8e8a11
SHA512 644be35090f84db46732beb6e544f40fb4348daefaa6bb17bd60588b508c0e94c546ae86691ffb91f9af0ac607e709bd41d6374f729e32f6d751a00b982b59e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1604e77065d1aead505b2cbc4fbe098f
SHA1 878fdea526951fbe3f413f327f58d6a2fc8298dc
SHA256 09218ceaf7261f6748d7107e6505fd30a5bdccfcadbef4cb2cfb29749960cabd
SHA512 cad35acbbbcdd8ac0765b3acc5111cc3c2e97bd82003c08fac8a6fc0afe3387253016e8fe55887e4a48918bfc1b9c696052499c52e2322b56f6b6349546f71c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57a7344a9df8fae91d0c37c7687bdf7f
SHA1 7c3c8d870509b6eabf9b3bd1a5ac22d5a5788b7c
SHA256 360c2c054c0919afa96b8b62d51d64c66283eb21f4b3be7647e3a5ff74c5847d
SHA512 a66a9e1f266ecdc535ee3652ff9e870628bb0a21d9e3adba353bc81e5b4d953d18c7ad936f634578f8b4a0a91537c84f50b4c4e501d94781f03d565dce83c2dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b394d65f-1349-4d72-bd44-269ece5fe91c.tmp

MD5 7a6642a8a763379716b755dc9bd8a730
SHA1 70e984426bf7c7680d691ad9cc7c239bb07d61b1
SHA256 a4e6d5d2cf1a0188416342ec608529950d2dc44b8a67a97d4987a58108bc2f6a
SHA512 894966c57c192d8d5bb6c57d6fe8246e00c26ceba2c0ed36f72bd47a32f0f0fda76fe25cb8b4f0c72a3f42ec7010d35d5c8e2cc4276b8a427f385efbbccfd35f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 58c6af2b331b8db081aa906ff4181255
SHA1 69a3879c683696a71198fadcf6aeef895398732e
SHA256 296c8e8c3ca9ab2e1e4bb0dc9a5ab76aee51563b8ca38d26f2fac863748ffb54
SHA512 72527426f3fcccec3e1ed5bb4dbec038f39ea87e55e4cfaf8eca17310b62cd8e43226e3d66af4b08108212c6ddbf1458feb801ed90fd14e51b5ed74980526edd

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b8351ad001f762ea003d6e5dc33ec435
SHA1 a9055b382e5184cb3a41b3acd5d0d816df40b3a9
SHA256 d8af22032ec659cc41153e7d9902b79286734ba1b9c87c85e2e3d8062dd9b31f
SHA512 fa8754f16bcb59cfac4d063515c224bfd19069923764773b4090a383da6d481f68337247e29935ffbb030feaa47704196d9aa004df2634cb5f19f9c0f446d1c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55a4d08fddf033a6441c8d6fa846c6dd
SHA1 7f09b60b09aeec6772ef898c9f16ac1d92e58cf1
SHA256 08768ac742a1fc5f90de8a806ce9cd501d3af73b62bf7c538f30f27a3999b0c7
SHA512 907c1db7bfa5880f8b073df6765451593528f10e178121ebd0a17fb7046640213332244b5eb2e51e6e4316b9bf19ad84e5fcdccf5b52d716c163bea712ee6e39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e55cc358c6d09fbe2408d561ff65468f
SHA1 8d8b656ce172be4eee1b73564cb902297759e633
SHA256 7670b14d222c0cea8b7d03f1268f0dc11b51f05e8886b1d0d6bd81549b021e30
SHA512 908259ae1e63f4d810d424c4ea062d2a4dc0bb1563dbb57764fe3fbd28fcc6139c43a5a8786bc7a9d2734cdc106658e1086fab95ac436b365c64c3edd7dcda1c

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 07:57

Reported

2024-02-06 07:59

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{A0D2C4A0-3581-4BC7-81E3-2B1386FBED36} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4524 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1564 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1564 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1016 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1016 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 776 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 776 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2608 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2608 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 816 wrote to memory of 592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 816 wrote to memory of 592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4532 wrote to memory of 4888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4532 wrote to memory of 4888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1696 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1696 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4272 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4272 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4524 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4524 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2664 wrote to memory of 3012 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4524 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4524 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4656 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe

"C:\Users\Admin\AppData\Local\Temp\5f331c660626b947f098a263754d22ae.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb63a446f8,0x7ffb63a44708,0x7ffb63a44718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb638e9758,0x7ffb638e9768,0x7ffb638e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb638e9758,0x7ffb638e9768,0x7ffb638e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb638e9758,0x7ffb638e9768,0x7ffb638e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5586235055748827515,15472511230896967908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5586235055748827515,15472511230896967908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.0.232567333\1723654513" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8aa57c-b107-495c-8c48-26be8074acf9} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 1968 1e27f3d8058 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13799571770736192426,7975915844473890944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,5521218179970158231,16289651284867448537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13708811551511988276,10616699303251038128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15500722575210704569,8356795398509064263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.1.896546901\1838794480" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a646b5e-596a-47b8-adb3-5bd9a0814d0c} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 2428 1e27eb30158 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.2.1415133566\969124300" -childID 1 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c7bbdb-0966-4025-a062-2dd7e7babec1} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 3472 1e207343258 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,5437444760364447426,11962011364221162329,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1756 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3708 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.5.1863572096\517376880" -childID 4 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79890934-8400-4dc2-afa3-153c7eb3cafe} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 3852 1e207e3fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.4.138376232\592045170" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3196 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29fea8ee-7cb0-4c24-8e44-9713d090cc53} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 2892 1e207e3f358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.3.618271517\2088700337" -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 2928 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fff4f31-d91c-4f4a-83ea-3c09b7258b97} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 3044 1e207e3e758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2908 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2008,i,18126867469369965003,12753863953653030962,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=2008,i,18126867469369965003,12753863953653030962,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1888,i,5437444760364447426,11962011364221162329,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5048 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4888 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4e4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.6.1148276720\189641888" -childID 5 -isForBrowser -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e51429c0-691f-45aa-a23c-2d0977b6f90c} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 4784 1e209140d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.8.1373581465\1565735954" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad6572d-818f-4ae9-b555-358cbe670845} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 5668 1e209145b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.7.1250204761\1258160356" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5488 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020312ba-4795-4336-8415-97bb66221cbf} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 5472 1e209145558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.9.1701346948\640562221" -childID 8 -isForBrowser -prefsHandle 5952 -prefMapHandle 5948 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c380258f-3739-4ac3-b773-c4b3b87e2ef0} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 5960 1e209145e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.10.320395307\2131830362" -parentBuildID 20221007134813 -prefsHandle 6204 -prefMapHandle 6172 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae8a1ed7-10f5-489b-924b-433cb3fffd08} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 6232 1e20b194058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.11.382321827\924088134" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6396 -prefMapHandle 6400 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e70b8926-eda3-4105-ba3b-b7e82e501a07} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 6252 1e20b194958 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3012.12.807305849\72404678" -childID 9 -isForBrowser -prefsHandle 6500 -prefMapHandle 6644 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f64a8de-4999-4d56-a31b-6072f4048db1} 3012 "\\.\pipe\gecko-crash-server-pipe.3012" 6692 1e20b8ee258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2076235359579551003,6286278926776768781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2580 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 --field-trial-handle=2232,i,17798116000143995233,6192233096409887761,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com udp
N/A 224.0.0.251:5353 udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
N/A 127.0.0.1:59379 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:55724 tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 play.google.com udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 rr1---sn-q4flrnlz.googlevideo.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 rr5---sn-q4fl6nsd.googlevideo.com udp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 134.3.125.74.in-addr.arpa udp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.134:443 rr1---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 8.8.8.8:53 170.3.125.74.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.173.125.74.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 e2c62.gcp.gvt2.com udp
QA 34.18.10.222:443 e2c62.gcp.gvt2.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 222.10.18.34.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
CH 216.58.215.227:443 beacons.gvt2.com tcp
US 8.8.8.8:53 227.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 adaec72374ea25fc32520580ed8ba4bf
SHA1 1dfcff26826847706b81cdacc3d24ca8948c6064
SHA256 8dce1df4993505de28410317038a871653fdc84afe39e23e0209aba573c4dc92
SHA512 aa391f6dc2d98bb6f00cd2bd3acfc35b72549452e2bace02d3e9891bf519ee277948627abf34b59f3df061eb1cb03495f5a0a89df49f7372304e46a4031b5dd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f246cc2c0e84109806d24fcf52bd0672
SHA1 8725d2b2477efe4f66c60e0f2028bf79d8b88e4e
SHA256 0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5
SHA512 dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d953520eef04a7f704dfe97db53f6a7f
SHA1 55e37085e46991e0aeb58b2cc0dbc1a3c3c04e39
SHA256 7b14abffd2823cb808b20be179788d4ae316533eaeb954fb0c0fbee8f9fe0f47
SHA512 630b0cf4ba960966d41b512868e6ec54db4e270fe936a2ad8ff80ab7b7cc9b021c6b7eeda83744602edcccaeb3893f87a2b2270b8ca8ba9c409e98036d5b0b85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\LOCAL\crashpad_4424_VZVSSJYZWIPPPJHY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28a771e321952639b2507fc3ac657650
SHA1 6951c5e1244cf2db56b077074c235e046aa09928
SHA256 3ddfb243b7458bca55e1af71b01d42032adb85a6e1311540c9482b0b75391401
SHA512 84f014620529a8cbb2e8b18882b94eff30a369450667bc0a05504c3373f9f66151d81a0008976d204da5ece2d53a5d2b342eaee0f581ca9ff9d582c537d0593e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb3353cd2b82a3ba06903173a1eda7e9
SHA1 ca2aea641359bd8265e7df28ae04bb18d56545a0
SHA256 3543b8ec2a0d12fd834c316e64e9d8694d1036f2b83fb9ba8e896165bce5b293
SHA512 7cfb221a420b59809ca20000b8acd120687416384226356e737cbe3b59db11e7303ce2d3f0f1f183fd6eddee15634ccab2bb98c256a5845ccff8c69feb793924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d39ec50b93f18aeba4b0f83bcbc7d730
SHA1 b75e50290e0d30d979c6c75305e0acebe26a02fe
SHA256 a2c8ea04fff9cc473fb9c80358da109f793ea2e85b215293d4532c00fe7ae0b0
SHA512 6aba42116711112195e678ff749805e1c70962b9cc2476a7099743deb4f8f6fc46f8f6b8d66d8ad537fcd2cbcefc3d11d9cedad6688510dd7213351768952fe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb87c578e796a68184fdc5589cc8c68b
SHA1 cd9b274aff99aca4a48c8a1a7af8e9ca3ea9c63b
SHA256 2b6537ff30e88a649189606097fb70df386e7ba54e5b812843077ca375c58bcb
SHA512 9ecb9f1a0ac34ebd88810a5950b0c8ad1464d02dd698a72456cd31fecb7e92b858e06336395202216564380094158b9f540b531f4a2e1e2cc5afed5178805cb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84c710ddeab8212f5961b3083b827b2b
SHA1 7ad722e0ad03baa09ba1804cf8287ea946a5cc17
SHA256 497cccdbe12a51065a6bbe7fecd5c55f0526109cfe436210f504ac32b3861e5e
SHA512 7d93cd0b518b8589c2fef5fcc309a7f7b2071f5683c5a065cb7857bff21e8e701504bb7158fd70cfbf9625cdd6746631c658b6365d45145cc98119695326230d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 950b70ef488c0a2b0e01f982fbd8fd20
SHA1 b2d46986c71f501a1ee614cfd1fcac9c384d1810
SHA256 dc6b53a919715c80aa5be02ac1f02c3284aa95a861108f6984bfa3eaf32c1b9c
SHA512 2a2c11d4b3bd15e2b07c09cfbaeea51ce4ff9907b7ce04afd60827853c1db8bad42dde503ab29b07e53408d60923f9e670e7ebdee4a1f34077e94e7bf1877ed5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5198f08a2434c48c53a2cf0da98e8344
SHA1 3101cb7e589d20d674e73e7899deef3de157fb0a
SHA256 91c1b851e55ff2a3b6eb60f694b8a174d8db00624274ac0e6099454b08c5a461
SHA512 eaf0fd4d8059ea7174aa4defa0e76a95786ca25108bcc38a303c307c41fa0447b63cfed1bde90c9f54f63407f41ffc09a05f74768e402346ffd19252ef64caf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 40a8fbcd62bfca037995bd97c6b4113c
SHA1 12eed40b3858fe37332faf87bda58bdada109ab1
SHA256 bdd76b6130122fbb03e5bc3a12240dd13b06d2c2ea48c40ca5d2651143cafde0
SHA512 5e65e71b25eb509645c7f53596ee6414eefbe9fd5f9ee61f3bd5950ee083d13c6e93a10b29e17c5cb8cbfc04dc953734a14bb363b062888dd907cdc07d07a1fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 46dd349bbef5fb3a4b177fcd12c01876
SHA1 1036035588024a4b9fa7622c2808acd1f48cf6d5
SHA256 c41857ad4664a4bff041f3f45cb7ed56d541ddd3f5ef821a96a3a2ceb781dd02
SHA512 bff7840f223867322ecb3e44c01f4cb7ecbf0998d89fbef2b132517b28ae6c65b2e4bb44b853f48130c79f5900bb29c00c3a5bbe833621ac7d820fa93a1c7349

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 08a928b88c544c40594aeef0fea886bc
SHA1 bf57c395dc7db604addbffa873f2e4b775afb884
SHA256 b1d205459ee1eb8be59cb2290f67fc1c040c6b744f116287fb68d75b0081ad55
SHA512 53d8ec75ce12b19251c012f5cf57e1939672c75c8d9a40d6b43101e34118b70e25dcd967a7b50f9aa080b902d16b250690a2447d365e24cddf7db1b5b029ba5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577261.TMP

MD5 7d145f7d548b229157b77e741281a2a8
SHA1 1553881909f4b7c881be44fa5bab9af9102ebc27
SHA256 fc5005dba896d19cb4c9b81423d1c9959d2b6ff7b50b2e5f7fcb0d14fc17a918
SHA512 a6e94ec0ab28f761567ea71e8b7f74f8c96ae37cf63dc7a7b3ce73835b3bcff426cc56edcee76b05dbe40709a6b64fb2ae77c3f281e1e8cdb4bd815b8c98e5df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\f62e6175-5de3-4212-8819-c438db6e4ead

MD5 3aeac0f91041204bf0a2e5b9d2d916c0
SHA1 da3e80caee77d3830d38a4bf21e5353207a4a3a1
SHA256 638e7ee0707ea6d740f7687feb862e6364d3813216f009e02b382171871fa57b
SHA512 15014d4136bc64ea832661df55d8975170e5309d12bd55473080eded9b8f44f11df702cf11b619c83b163f29af938ad213ebd49a90b13405e93d6546fb9b6228

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\a5ea522e-efb6-44d0-834b-95573cc275da

MD5 abf33ae1fef71151f3c14235010a32e1
SHA1 2e1f36a460ba95d1be5990f1425d27651089dd46
SHA256 51287025991318c226411de959f31e2da29c306581432cd63532904502774053
SHA512 b5fb0b735d5d039441d26f07733ea9136acac444b82e4f1705746a9d5dd7542b57ef50955f470e22a8bde6b00f488770709e8e19f41bd2d4680cefc457c75dd5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin

MD5 d6bf473815db424cdb4ce657de2cec02
SHA1 75346dd9fd3920db972e661f8e088b040f54cbd3
SHA256 174b23c2abb4b507672a393ef79d6fa337cec288aae9a3f9c5bf54e329c8440e
SHA512 66ff5098791a4ad9c1e31408a1c3bdb79df0dccdd8e34697da46235d49420295c42195f6214d3110773a77ae07758a913ea5d43a0322a45ff85d0fce419d3463

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 9d3ae693c5705417954d29dff633e870
SHA1 087c0881babcf994ff10de56bec9706cb9efd108
SHA256 24c82c9a1ed44a6a2302c4f4bb785514d784119ea6ad846c041de1b12de1944a
SHA512 f98d9df4424ed14799b8afd4b9c65e1a43a4ab9cdfe56fc9356a6e3cf8c609bd80edeaaff3e2fac99192fc404d8576a2756f710e35c0d52a5f34690b704d7eb3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\007E769A3DD5DA78A4096C894CDE895E093E7A64

MD5 065868ca3430badc17d6a4b59a54af01
SHA1 245ace1434c662e85ac173cca534ff19314bdb2a
SHA256 d58567a7669053266b5d157468418e49bdf7e61ff5d1b1928da75fb7525f6a48
SHA512 4e01851d49592f1ac476b31125f34d07514a95dfb5b050fc9d1429b4c1b662930b9c08e695829a80e96140468012b2cfc416198d217ffd0a1899e69267d75339

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

MD5 95923e821bd6ff7f68325ca93a48b140
SHA1 e5e4ed7a887afd19525339a45aba0c9e33ce9ce7
SHA256 648a15e4faa6ca4e966855ee2547536c3682dfd3dd225b5bd79063338f35edd0
SHA512 8a16a7d5963f55020191c89c4731d6e5a024f9687026e6a5e0a4c55480bd90593673c100ac2b0d10d947aced49ceff27a8f60d60a5fa516912a997a227c148ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js

MD5 dcf473e7c07ee5b7cb9c9b7779d2486b
SHA1 467f8dd24ec87bb866e90bf90de30d460d1569f3
SHA256 4bc26a7865d668923040518839def023a75e6ec40687e6bd58bb78dfdbbb184e
SHA512 dffb215706c78bdbfd042c1597b2781f378cd437f6958bd61db131d3f450d9ab112ae552f38bcbb794b23d5b3d6988bad82ffe7f4cfd86ac8f8929f7997d77d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

MD5 feac88eabb9739151874fbd13d347c2c
SHA1 f7e7a9ba589c41928fa38b3deef15c98a2901f91
SHA256 45c058efdf4d4ee900cdc07fbf259f66947881196ddd28a461e2f88f275c2be5
SHA512 285af821901add41cbea34fc49541d43f3e60d4607eb5aa41fae50ccb2a4cf46d127503c2e32da26c98ba03fa2c17873b2c2cef0a03b0f9a7856a85330df6c40

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\178\{0989b3c2-ed51-4edf-a353-e97c8752bfb2}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\idb\4232557038yCt7-%iCt7-%r9ecsbp6o.sqlite

MD5 248bad8e67b8ec9193509c3f3afecd9d
SHA1 c465101aefbc43ce37d6c5588b934dca45cce68e
SHA256 5d642d732fb290474e154b6d38059969402e80029825be4665e4541b020b138c
SHA512 4487127d129c44cd3676cf7d3950cf25b106fcc5bf812ad42944841ccfe38af5db614b5456b6d1830da845f789199a77b85b1e9f25e528164518ba7cff9b5ee3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ec24b0d6ea3f85a2de8ab80ca0b078f
SHA1 bfc6c487e21dfd71b74b987ccedfbf0c6d7d7c08
SHA256 03dd03f181bac67b8d5422f478f5738e9836b5dcebaf198f6849f08334f95820
SHA512 e50825689bdc3700d30c9eb2e551ba2f11c5e00806927acd19d12c693672c1fbe831a65c1151184d03294b8bb55c5eece67dc95d4920cd73bc51d4bd15a369ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6e3055543f8fd6430d197995d517bd43
SHA1 029d508ba1f49b991911262a67b3ef6c4cc779b2
SHA256 5ae96c3b7e70023a35569e9078db2d9fd50b5204638fa7e496df9c925da209ea
SHA512 902f5223752507d21d0ed63292630eccc05f2900eaed160b756d7f610edb080d54d360508e4d06f259579a111fc8e5ec3fc33ab45a079dec55432f3019654cba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b24a4020fe1553a466765478aebe696
SHA1 64bac1ed83ccefe8f2d20c784cf73ace3d2e7cba
SHA256 123dd37d2971f4c44c6636d07d748f1805d6002cd6531c12808b84944cd1f356
SHA512 1663ebf53580b608244e4aa962e7582694799c2459326fdade9f53b0a2b3e0e72d904a2571a0243aafef6ccc454ce20227cf31104d7a0d1cb5c05a8008512a51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5e62a6848f50c5ca5f19380c1ea38156
SHA1 1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a
SHA256 23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488
SHA512 ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 c4cf8a85caa5ef5f44353ff41c277855
SHA1 08eb62fc8aec71452e7d7c67bb90efe43c42b11d
SHA256 26aa3e1b6e153963dd10c80b60cc8b75714cb6af1b81ab1db0d2dfa1ea3333ef
SHA512 71f1f81a76e950df1fb840514583ee5d33ee0778b1479c16e23993732405b5de45dbc6eb8a5189c2672bf3b663a2ef107e56801266d31ebfe87fe899943ec745

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e24db186c47aec2d86d9c777c9d45cf
SHA1 408d3dff329b9d2433b22aea4f14a9df2dff1c1e
SHA256 0d59aeb7618c790c7f3f47756c471da475657ba64baeb8d4210679c309f8b7f0
SHA512 934edc3164a27be91583bdf72b9323ca4f74229c56892dfb4b8da51b18f0cfe031013a40421349637e6d8f7ef651e24ac6a104535caa0e51c5b108ea15f0bcb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 09669771a406b60b62b161a198e46566
SHA1 59b8fd31bddaa4b535fe4c13768bca3dc023d3f0
SHA256 71ad351ad4c777c29f07da3a383b9f450f8fd390f18e6a23605d72d5c848786f
SHA512 f1391aa207abefbbf67465f0d65b01f0ec89ce5bc5e7907efd4077e24e1cd384b43c0a1bebb9360770f63eeefd9a3eec94c216f394ebc873597f9fa25d265dc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7597114e31db26e1c2a4d698c02a0f1c
SHA1 dd8c9bb9e5652a743715c63dc6eafe30cc3f90e9
SHA256 d0528f3c80ef563b4ef4e385df63c6418c2482bd1b2567ed5eff0c489c8f6352
SHA512 a65631fc73273c8f65534b69651bf4907eb904f9411e9e84fea46a912cb129076a76ef0e1355a50a7795f0dc4e170afe6db5216f192d060d46bfb377d297453c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 6a2d775d769277612a796454b727f404
SHA1 3180d339a289687eee1feca7e6cb6a08abb48340
SHA256 5dbdf64dab17a3b54845fb68a6246bd9b5f412eb4dc836156ee68799de06e77c
SHA512 a29d2b2cd0cf7f7bd92fe9e0f812e0f6ec83a5a295afd5e8dffbf3d0734f7befe02e1c80dcdd28ea7812bf274fda6ee580e2dea5f90f74996a6fba1269738a7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 b1375326603fe65cd42df7fed7ce5c45
SHA1 a7fc9a7c979e62a0bed17ae5e8da74738d3e25ba
SHA256 c9088547ff6883a0646b7ca0c27b0696524be01431ce0059c4ebe765d48dae06
SHA512 1a381b6193bd8380bdb81934bb0b5f75a514c5fb878ab70dd1f7ff5c5be397298d0ca4cbe1c65ca245074ee2052322f89487807b9f73f780851f3a074f74ced3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 5a5c67772d44eca9ecb08e0ead7570af
SHA1 93ffda7f3ac636f88f7a453ba8c536fafc2d858b
SHA256 eef62541016d82bd804928b0fe0123d9ddbc20c2f4c0198ce98ae3adbf9a9c7a
SHA512 14a649db943dc9a756e24a043c5a946ab0dda3cdecbffa090bb71996ca3a35ad674052895a496195799def768ea318ec4ce8b97e4f2350106c84a6c4f50affb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 631b72768ec07a3c998e456c7c0b2022
SHA1 6394f0029acb48560704cde46f8f4dab8a3eb050
SHA256 64cf1aed96d4ff5c5b849c4f011b2773680844c240ce2b3aaeb39bf2f0f56114
SHA512 5ac24cd9aacc465125e28eb810b1860a90fda57a8408abb07f22229f01b6dbfd8621e12dbb99a8d2bd001810109ec7cfeb8ff20a60ff4a485c885fed6597a05f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 3fa057a53f831ad6f787c01bdde50221
SHA1 a1fcdbaedf935bca14b366514cf7fee3e3f175a2
SHA256 efef42a7e15c6cdba8a3e03452281dbe161deb054dc90858abd0e54cc18c34b3
SHA512 6b2620574a789ad95a4e63ecdf3f76d84fd153cb664b8ac844054531b408d2d96785738efd74c1d761d5c10ced1be9ea4e9c1d019f18e2d991dcd54095cba635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 9301f37b626106a4aa736464b59c27b4
SHA1 afb984ca62b766e0ef01828e28aca626ed35fbdf
SHA256 b8857d6289bbc55987e0c7b7618518a5168b2428f42dcf22c5b37f25a6fd0f08
SHA512 2f0151678be23532d90500fe941e9886b1b0fad708fdf4234c047faf502aabef53e3bc6cdbaaa57799d272e7285ad5fe0105e1aa3d10d93e78ce3e3040cda756

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 dd5a72e9dbf061181916221786baffba
SHA1 8bdb0f974e3c0be5b48b86372b789e64dc39ab8b
SHA256 d2023b1931081aa85fb81b0d6c8d463d42630a3c71c3a15891cad374d30d0b6a
SHA512 ed5071ade26dcfd9a8dd37432367d81c1170739cf8028d241e40e657b95af17852b518aa214e544af08c48f32cdc1e52fcbfae777f8e4610c15172060835c84c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 8d857d4f4ec82a998fb460c7db6fa3db
SHA1 e95ebe68c85c2a63985e7e87476375b0827292e7
SHA256 b0cd02b34e8eea42cf44d15d7024b495440b62cb3d79282e01d4b2eca8bcc4a3
SHA512 e1921f2e1a68d686c8dceffa8e49e5625914fccd4e5c33d308e22743a111a165dbe33870000e276e3a4014ec36774a64372b8925215450c7411d78ec1eadc9f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 62ce5e754fa31ce29c260476ef7ac977
SHA1 ac1f81f1e37c0347bb9bda350427911c87132efd
SHA256 087773b73f5bf76fc4b4b6294f9ef7cbbe78f503580a4e8c58b53cf770ee0bf1
SHA512 47307b45d41589b39a23e9732e29b9810909b3edd56230afe48d451009a23c5f5b1bcf369df5588739acd303eacfedf83be8056b8f44dc3559aa3da92ad0be3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 4112c5384c58dee37a173b6d471c0477
SHA1 ce571e5606887b91effbcc88a218fb701d108c7d
SHA256 7d7c0d9dbeeed4faffba1f86bb9893901116965d6b2b0498f46d86b85da36047
SHA512 d279c4bbafa9ac1ff0ddc52d30ac4d4016d4825ba4c34847e6a57219f6e8eafa71c83a027aa934137040225889e8987094ed3c6aedc3c0dff9ae34862220ff59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 af1a6635af0143507791a5825842ee5b
SHA1 5f35b36ad4dcb73658c08d912d07f803ad04f975
SHA256 fdec3353a47c2a508976ff3076b3b63512050565f241f01dca18975eeb7475b8
SHA512 7f9bb2064e70486165e23d6833f9e94f5c0f89d0c738ac9b6e62185491f09cad2a1fd7eefdeca77786f777e4893b69f0f4c11b56acaafd09be0a8b0c72ebdaf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 a181868bbaabb08c6ddd19c99f18249e
SHA1 af2295f5c1031f7c63c052e94a7f58f85e528648
SHA256 232344db94b0b69f0af6ca74b3f533050af946411dbebb1ce3ad37766a65dfe7
SHA512 dc955dca9f3e10ea3ed97abbc98a1993f490ec6b09a75760143db4bc727524a46a0184e3307872216cf3c072384423f4f5779a709331e92dcba88e5443811325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 2df428c2ecdd16f6a6d2f9b1ba111038
SHA1 9ffd93ed134cf3e624140758df1e718751fe014c
SHA256 e5b8aa0cd8d6927fb90ae00d9e83ece2d8a24000572f84d6b7494d0169021dd3
SHA512 dfe8fb24846a5bc64c4dfb2a255b6c23ade2dda2230795402d4963025d711b95cce6821003caa8e4ec24ce1e2207736409d037d876631cf939ff9a985ded6ed5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 9f38f529d1f8c99908d1af906af082ca
SHA1 242d6a411b91a868f7dab4f8ea8b11c116104c07
SHA256 61ecc9000f3715df298747cd4e729b18676ee07bd44c573bfc1b92151f70b6fc
SHA512 782c8b1bbe572de566f0a3ee96a624e43809c08f544e17931f2daf90792913d2781fadedd1689a8298a89ac72120e14ea6c0d8f605d4f09cc65ff58b676c4c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 c24509b5c94bbc7938d432e43df80930
SHA1 7e3393ecf872fd9de12bcf982793e77f8014048a
SHA256 7e3e1f385dd12010d4ab92f2178202bccee67b0f1b598bc009cda801bc6b8a7e
SHA512 a6fa8443dd66f7fc89b50768e0811a73b3810bb92ddc5eadd077cb91a96e774df1e5eec33ba92fe559d6d2c91b32be986113386879d282f60cfcd5faa038c8a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0e7fe3c5aa81d1ce71532851b0b8221
SHA1 bb63e3219667e0348499b8dfcf30066dea32539c
SHA256 b44c24c62a122d673150027e2fee5b0a4872e8fd2fc1ff8ad10b1466620ac5da
SHA512 201777aef2fb68bba30828e0c667e1dfa82bfbc2fb007e5707152d29eea5288bd551b2ed66417110641ed17b4e4e7f02f26106b0191366213d980088f5f25e6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5a4.TMP

MD5 f825e71f79af3e3fc67d535f3a0fd328
SHA1 937804fd4930699d601249bd8414c87096240134
SHA256 2b90f47fe1374164fd0a2013a037193047e1d148445e2650a5521e2c09ffe48e
SHA512 255ebeeb06a8758d0fd4bdea044cf639b7753e206cae087d54c1c5ecd66d832690d23cc58c1d89c5fa9a5824de8d7c8ead121454199a08d7987d2c55e2548781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a87014ac959f0eaeed2408349da54140
SHA1 706539fe1615bf1cd2fec7c6cdb1810c9dd9baf7
SHA256 d3333c83ce40e6695511cb6de0d92228c4689980d5fe960ea3e077b8fc699f5b
SHA512 4a651b9d6bbbde88b9200546079a6ff6b46d9662c3041ebea7959bdfb291eb164c88d2a73599502a62c8c4ccc55540a24c835b9e808f98a41e5838699ec6f6e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

MD5 91e320a8a4527edbc32e81af8d2f9d09
SHA1 6bfc7ad76be27709215f6294660a9dbd6090fdff
SHA256 cae4dda44372b24fc23f29ced9cc8f0d3005dfc5c5405e3db86aa90c7b0b3441
SHA512 ea50510f14dec13df73647c19e278812a427d5fe65e9b418751e24fd2a9031ec1f63dd233e2d361bb743ccdd447ede99abc2cad6ed48530dfdc845a061303351

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 138eb9f065708aa17e065b6a3c2ce5c2
SHA1 d6d156c9fe5782c1dc8359d0ceefc8fa0fa2274a
SHA256 870df99de46f2c44663b2d721ed5b20e71591deb72994722eeb9e9fc717ad3a7
SHA512 ee9d2a1acbd53ba465a88cf1b2318f7b3f06c8e3a60716cd1a4b1ecbef3f9f37d5cb31feaf3c46a9be88040621484e50014589005e7b95d3c12043f4c7a19afc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f6a2c8bc9310ca641f7ed11c327f9575
SHA1 eceae5a1fc953134db38861559f27f7d4bc6cf81
SHA256 8702f62013e0eb19ad6ee57abe3f2066a567c3f1e23b5af0831cf3ce2ab72197
SHA512 0fba27a827f15e32ebb824bffa43bb1c4d38a29ce22e66e7d3f1dc780f0aa08fe3cc59b411fad3e18e3c9b4efe28800e7f1081e0170c2878cf1cc6b58b5d51bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5f91e2e7-b788-444b-a4f4-c3960492f1d2\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 995ebfbf5074cda27d499e662e0583e5
SHA1 c9290c5a1fbf12b61131bc1de53227fd57d00dc4
SHA256 5ebb02c501751b72a8871162c5597073a149f877bf59a064798b9e5c1ab6503f
SHA512 ad67a667c6426221bf6f995b5bc7e32b892da806e331981b53cecad8a8d2dd512701ab0785fd8f1289a3acc3a9bb084a4495625e27a5ce61bad6db76b738bb0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b1ee7a681d0a176a1c1078b408a2774f
SHA1 2b1b9facf086438b4af213133ffb0f6cade1dfb9
SHA256 b14bc8eb3ce0399d1c1191204a41727c674f63d23a99a299f1999341ac32797a
SHA512 e1e2d2769eea264acb61e9f12e7bfec5ff1d82a0ff1772c58938d0c799b9af2e98cd6aa7021ca22d20e5962436d19fb589d6ac79fc47962ba65fa7a67d39cfe5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c13d.TMP

MD5 8d3ec851ad4661a8958dba6ea2e5597d
SHA1 0b40d9d398d919a7f16acb4473a47a8fa0edf659
SHA256 0bab6493a66d1c7e009bfd75521991c160f1c83ae502e50a04146c8be6380840
SHA512 f11115f5e0f4671fc93c45b5a329cb0d6745628dbaf57a81a9e7aacf1a62666cf0ac634d143c41c7e7a9ae7ef505eaa0fe9e3048a2f7ea4d6f03878193089785

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 886d3f9b69d330ac91aae3f5b15a602e
SHA1 df5dd0cef29b043e82e07922e820928a554badb3
SHA256 90eaa09ec7972fbc82c949bc83cf5ce8074fe6d97b624d3639b95ad3c69a6ba1
SHA512 087a0ad5e549c819954060dcda3e7d73e56e1fbb5a9c8c5d765748fd9e5d90487df4c622c8954e378c5704c98a744506661d8616fa9bde88d88c62b997306428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23ce2555b44bc025a63d6ffdefc7cf67
SHA1 0edb055ae3f476ea1bae3560fb1a08d9294c21c7
SHA256 3586c78b9d1a9c6229579f8001b7f984a7d0f5625b9ca696e2ce51fb38cbca45
SHA512 00f7503a4f8f25810401f9f6ace7115776e406b0ef0f979c94bfb8feaf46f67f5ff6b18b51372d628b1bc94970e3a9283ded7710efef55267ddb62edc8fdf42b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 3ba7e6919bc260bb6ab523197f2be3e1
SHA1 ce2d7fe3aa42d99d733266d023f6aef3766e7785
SHA256 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818
SHA512 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 3b2df667a176193cba046f74787e731d
SHA1 0525109b7a249a66df8c8eb7d24b49852cd076cc
SHA256 f38e1d77aa0173d1c110ebbc24f55704f74d28b33c70302f1170c1f4213f611e
SHA512 f6a90da9852126be776f2b7b488e04d8ff3cc6e0f4b222e1d9fb7aa2c938d586d4c88150dae1fecc24606c5a80270eb7c70ca4286a0efd2c2478aa2701056ebf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

MD5 fe16eebbec39322563e01db110dfcdae
SHA1 4bdd0b229076b232e7c7ba101c48af0fd435afd1
SHA256 4a97682b5b83072d2bec75e7d52b50431804d5e0a19d279c86a8f4a5114b204e
SHA512 d0a12495f280e90760be27e7decf97de2f6c6ab374a18cabddf2defbb93e365732db001444dd80e402fc3233ccaed5ac4b640d096fdbd306ff46ddd4c9b7f70b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5d906e9-4610-4bd4-98f9-ee9b40004d48\index-dir\the-real-index~RFe57f368.TMP

MD5 4494fd7f5fdde4cf50a1c3e11676d065
SHA1 8751976c3e96b995107092780ec2c6c06fb14c26
SHA256 984954e323e3e7f759b573aaf4841d442c3e08ba120906ed3e6f276c617f86b6
SHA512 3473685413c60124d127e75d692c7b9949f7c343cc517a4d377eb14ba72e19225d8af5396218025b1e7cf2263008930ba8ff214cbbb9d332767a14a0c69fccc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5d906e9-4610-4bd4-98f9-ee9b40004d48\index-dir\the-real-index

MD5 66172481578f88ff7be668f9e11c8389
SHA1 ce822b7b65cb0c3a4c7954e7e7aa4bf5e9e160c2
SHA256 5e26bbd01cf55ac6f528851d2c09f5cad07056c8906c5a5c6951e155cc094a85
SHA512 33f5f11e4e71ddf1d53ae7e7b095981df36285f3b2aea4ae05690834b6d5c922e6438ce7ad3cc444c32b6badd1ba428633bb3d6aaf99e4003825bb619486b05e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 764808cdf67218429cc57284c0e99a28
SHA1 617e4f086faa6ceaf664d8529861a1d012aff1e7
SHA256 37fb61e5d7d7567c3f2d8b06ec7f980e128256315ca3c10ff0e386098fdc0030
SHA512 dea95b8f9d298ed6070f00855bc4b3f1528ada1b80a41cc93d22495ec1330d45a000683410ee16597c3fc56187bea02523458b24c4a4c743b5b1a49318c2a81b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

MD5 72c6431ff4df13e0415cfb32029cd2dd
SHA1 f7103a2376d5b3ee0c842c43647f1ab2dbbb1b54
SHA256 a94ef59dadc95f5202b0feea8aa8d9a722a7ae0207703224edb55fb169fde9fc
SHA512 b84140952ff5f00c402f590c691a4dd5bcba24af39c3cb90399154958215e6c951994e70ad2786731c8bb52d06937f276517ce9215c77346415e135da499d5e0

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4cc209bf87bd61ccc0b2c762e21d48a0
SHA1 4de3843c135ef6d269a70daae244737c75eef8f4
SHA256 99504e02b52d9a1d3045e8d8e6c8004b28e6730d749e345c58a13e13b95a1afa
SHA512 cfe291075443b743a7b2cd3768fb5c8c48bd61b37208d975ddb35d5278b0a68c175c9abf7e4189bed2bedc38413e6ea58fbb8f6b09f589f3f2207f09385d95d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 aaba5e872ba07d60f556b78df854279e
SHA1 93d1494959f4027195f527db143e5aa89d60925b
SHA256 0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c
SHA512 fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 bbac7bb99faedea9a0cb17dfcad195af
SHA1 409312e9c3a5eaa03f2c8227a3693e8a6dc850ff
SHA256 b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3
SHA512 727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 164546422cef27aef7a10f074fb0a2bc
SHA1 834505ac8884c92b41bf321b14b8dbf04f754b55
SHA256 89e0678cca27531d83de9063686c3af9f61574fe93730819ba9417476391fcfb
SHA512 41f444856355daa59248c67acddd2f8972c11ff02f6445b66b1d4db904beef84b19c53cddeed059d9ef698972e3bfd9e7e2111a514d35dfe59aaf835b61c19c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581f2b.TMP

MD5 7fbc73a8abefa5b694eb2cb53104c2b9
SHA1 aacef48b79d3cf77b51f0ef88cce38514b634b44
SHA256 6233b292eea6e3910408932f1b8570fb2e6d50014e088b049d27317446732441
SHA512 b3a90e36b570fb756711657fb908e9c519d64f3e7b36b72491f5c75d3382d14de88db1b3cb1387b387647180aee046117e77b1443d4880091d843bd927465e8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 e337014ceba65092b027bdeddc48b00b
SHA1 98ad97b8adbb411d6d4623fab506924aa6772304
SHA256 c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA512 24dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f2cf5a4455b798451c834654d947aa7
SHA1 fc7c723c65f8d1e5ad7369fb8bd943a350f121ff
SHA256 30fdb7192332cb040df7ed3b6f77f495e156446a656495d1ecc9850bdd0a1b9c
SHA512 8dcfcdd0f7338804a251f45c0d93d9a52e02a509d0aa134636ac50264dea8c7b5e70a31d20d09798a8db70a22138a8a800a34793affa3c9b23ccfdf42af05dd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 404a08f9df9d84df12cbf6c695031690
SHA1 0bcd1d3c1126cc6bca2d078058b885c2748688d7
SHA256 e9bfb6a3169ce1e20718dbf789cec548550d595ddd8725e8bbed2eb038d5eff7
SHA512 7dfd7cdb32414b2598dedc5296f8b71d15232a9f94e345f0c61f2dde8067eeebc809680e46191040af79f3bbfa12bec8974ee9f176cdc26d98a364163ef5ad4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7743c982686da8ea0671cddd8d0f23e6
SHA1 94b6964bc72b1cbf76aaddc2e45ba91fa719daed
SHA256 068fa585a1321f123766e62d2f6c56e4402f9e02ac20245ca5bec8598807a31e
SHA512 71df362eb125dea84733efd906250d67135ff4d43bb06c4098a16256682edcec93a1a14a6dbf456d7ec39d2a8bc52c40f9bc4a456177c1e89c065e72d58f3c3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0e8b15d7674a7879bf7eb89e0a3d17bc
SHA1 dbb841c7ec4cb0f36ec3672a20e7b220070d8571
SHA256 f7d03a2aabcb188b34e3e53a9e06328ea96a37b863bd14ccb17fb59734817c67
SHA512 472b3c63e6e08a2bda712a3a4718d2f29650a2b25d1a456c68c1af26e3ba741d259e2ed6c3e0963f6464a435056e92787ede78acdab165c0762de58e9fde198e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 80d10eff1748ed76a7a7ea45d792db6e
SHA1 fa95ee49af58851c655f3727a6ac4aebfb6413ee
SHA256 fe35da261f1a9caee68831ed5cca5cfc307a821ef488ad634d42b7502821bcf6
SHA512 9db78816def449f0c6be73f505affc8669417ecf3d1dae90957f580c92993b1197f89497d9bd4b2db964b661d001555cffe94517176611e3f8488679113c57d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d4bfc2cf5e3a1f23d0c2f26d375358c0
SHA1 bfed2ea165a515aaa945e39050fe1f2335a00150
SHA256 366a36b10a34b4527deccbcbfd0690d562a06722b59feb84d1e53e1abb56a628
SHA512 a368a6e60c51177d5e55c0cabcf7e391f251486acba26ebcdc132b0b0e42b0fe226a2abfda134644290ac125f0f7eb8a8054e03d2e5ce74fb5fa6c4e8205e631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f50d840dfd6de6305c5b3ea2124347d
SHA1 923d75a8ade9376101d5822f8c932e3c42133765
SHA256 af0b26013d8d0b0afc5b2cf73bd5e3ad5bacbb6b0a096c2453f344d0fed2f2cc
SHA512 87e28757f4a469fbe5f19d9f74b861558ebac8a6e60a7e2fd77bfd5113ee2d4bf96f6dc3888ec3fc4284b2f8243ee90640c6cf183855bfe24b2b77c479829b87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb0242443385e8c304c7de94bf9285a0
SHA1 22c9945a4ff4e38a9dc37f99383360b0c088f605
SHA256 3f0f0c8dc923ac69f4550c6e134f264b1b5f8be8823b629c3b80562d0bdf8745
SHA512 15331d3413e36163d9c1d933267fa8814b987f4b5dce0fdcf057cfd81bef860a2ca936692e0c3196fa4094a3efec46a0b2c5b4e8892a5a7ed25e51e47c2cefdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2bab349b82bca5c9b16c69a92e510ba2
SHA1 caa4f5bfa79553863b3ddff6c742e0d7a073f8b4
SHA256 eabc9578958334ae958975853e36d61d2c6554c4b8e06cd86da1434f56be782f
SHA512 459d5d7cfebfccd4c9b5442275b2a4807322fbd3b28df506435dc5406e919c88ef21f363db7fb773c5a676f2f1891d2c27a315c1c283a9d3a2074facda305ff2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 caa898c7119a879d7a3e5e108feb10d2
SHA1 74f68601583a7cf9ce21d192315364ec6e18470d
SHA256 90c84ee1e5f6a8028d34014faca87dadaecc6c52ffb21a14ea8c1a4bb7fa4777
SHA512 c2c71e855ea0301b6012a3944af27eb4d277cde0859962b49da68cbf3c01f18b7e3e892a0b46635ce4b300737a03b8d35edef42f5bf1b179e7df3bd6a91fade2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e69f407f3bc5a22dc6d55041ba675116
SHA1 867443320470cc1d206488abf54c700f070e56db
SHA256 1985cfccdb7020abc58c27486c1411bbba47b3aa1e7fa299ebd04e8240be3a6d
SHA512 e9faf023d102ffac3bc664e26f03111ac9d93facb05554e8aae23392f2bdda40631ac5de5e0cc8340e0e2f4280c7adf5a5d68d7c8a8722b87e456f25075fb3ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6e562585f3441524b506e5eb87b2c15
SHA1 56b5a990db0fb928bea8c1bd91c89a6af9a7f139
SHA256 c690fb7d303edf797f77611acc1645d94f292c38def0822f604e572f18057f36
SHA512 12572731102c93465d02a6d695e6c639428088b6993df0e9e77ff2d6935d247640d53916b46387dd83014523d6aa1d08ee7749573533d3d086d00a1689c4d279

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 39db4162526e56b48c5f8c0a0c6122e2
SHA1 1a4708ecbace0c233b12db798e21c63f905a8737
SHA256 c583be2634b96a9f6fb771eb0fd79e0ec3cd4c7eb8c8087ec0b42cf54db064cc
SHA512 9e30188ca30bb304ebdb4dfddab568f302fa55bdf5ec49ec882b1917a4ad82fbd296f9bcd8a8d72cfe8bda36eccad7d18ea3752322cb5d23998279f125c9171c