Malware Analysis Report

2024-11-16 15:51

Sample ID 240206-r5ab7sbcbj
Target 27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe
SHA256 27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9

Threat Level: Known bad

The file 27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 14:46

Signatures

AutoIT Executable

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 14:46

Reported

2024-02-06 14:48

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{077F430E-41EC-4C72-8D4C-02BD7D270B9E} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 532 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4420 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4412 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 904 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 904 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4456 wrote to memory of 1580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 532 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4704 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4992 wrote to memory of 4956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4756 wrote to memory of 1048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 3344 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3344 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 532 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4420 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe

"C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Network


Files

SHA1 3d10f7f275da87d03582d32daff4b011cc0d4adc
SHA256 0899a4b937fd3cc3044a5c58b056f689d5f36e12d120ebf598397942067b1341
SHA512 a399d76d7f79ec7474eb5e9802d0d50f2d45336fd59b987dea06c94be0c379f49d5392165e1dd2990e652a5f5eb79a3b33fbc06d32eb491d51e763c742d0ee95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d5a06423ea58c94e99f516543c4664a4
SHA1 3acf3c065844ff917235d16c52eec89f7895e8a1
SHA256 67ab35f35515f993d53bbe1a287ea82183bef8d125e65a1d9c813a6dc2eeb4f9
SHA512 ba988cbda593d161947b52dccf57e9e5c8f929bae9a0b826c51bc5259979b34690ead25c67dd75e23db457a2004af690f0536ab841c778fba49eadcffbe9d4c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1632aa05efd632938c486078655c0218
SHA1 2d34c105d1ce38b045bbeecd4a4f6e7ceccdbc50
SHA256 b0bb7c86cfb2ab5c32755bbe646e6752bf41a093d077c127898ed75b6c32623e
SHA512 18dc8f51b58227b4ad7550b18589625dc6750166cb5a0c7b4259173eac27d92c407d32e6aa8bf1e4a7762a1b7ea452f3857ef04d7fb1b1c75344468cf72580da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f05b.TMP

MD5 a5ad2dd6c01fb22bf4e0b42fa58dbf83
SHA1 60ad0a4185e198eb17d872fee3a7c650ea54bad8
SHA256 3410e9fb3398cc835d3736eadbd69bfe37d6980bdd534197437ad2d3daf01b76
SHA512 e3871b47ffd0a4538189ddf51ab3986885e5d6e7447ae1c83ce398040c8d5f703ee5a6ea3023edb256230beb3eb99d721703f45c18f9a9edf4714f0c18db7853

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ea057bb6b3691dc04850c27ecb5d842b
SHA1 b67d53059d6a1be64bad2e0b212b645bf6b0ba39
SHA256 86b9c9b06908f8eb5950e21e30f55f24911af8623a1b46ad8eefbbfd2bf93e15
SHA512 2f42f0066ce267d4931a534d238e41887e14dcae474a4bd9f6262e005703cf33b729353cfaf9f585f03f8e67da365e980372ae56933b10f878f038f039bb2aad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a17bb3780f8fd90765bb966977aa3b87
SHA1 2613d31982237c947521e9ab5440ec83cdc44193
SHA256 0693fadf242c80777f3870a5b89fa4da5cf3c76e6ca1dcc8eeb822e10fff0946
SHA512 945504827f7032ec52ca5e12245834710f5faaa6ecdec260cd5844953037ad88ab38b0e0c5f5415e080215a966ebaa48ba34461e1a69da9e78446394a38643a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fe881950e98e2a1edd0bfeb4ceea3919
SHA1 6cce9ced1171ea83d4e0cf86f68983fa316071b5
SHA256 824e907443ca3e7879c1e2b94720e137a9a82dbde1598776da1f53e37c04d425
SHA512 2b48d72652e0af02ba8ec1b218a2f439b1a07b80e38a02afcff3750fa2b723eabd89c617f93f5298bc21e1a4a7deecc699d44c1c341a94445c58485de7f0ddd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 aaba5e872ba07d60f556b78df854279e
SHA1 93d1494959f4027195f527db143e5aa89d60925b
SHA256 0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c
SHA512 fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 bbac7bb99faedea9a0cb17dfcad195af
SHA1 409312e9c3a5eaa03f2c8227a3693e8a6dc850ff
SHA256 b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3
SHA512 727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 937956a1e7f64c8c9cbd953b3a4dca55
SHA1 c0f1e0aab61e4cd3b858edf791b69b61467276cd
SHA256 9e57cdccbccb2cc34cd35e6b00a4c6340ee88990068765d8f6a5b59b187049dd
SHA512 d195543926f4af0a6a0daae777442af103a11de6cc4946ddcaa5c6d50b90d1580589e7399e0dbc626df9c4ed6d10205d5a1f098e83c2ba0ce45a8c4561d56892

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b35ec94538b7d6f2cc296736c2be0eb5
SHA1 7d36453271ff168a98de9e2c5728ea4729e3b137
SHA256 9d579ddb821829baf5b1278d2fe9cffa462ba271b3942e2dd11f675a7d427e00
SHA512 41b58717f6b7eeb383f16143f7c9516d3edbe4b4ce056a16182ff07911f2ac37e9904aacf77c6ddf144a12f0c2269e01d1545721ec3d3d5d9c26def1056b6e71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a55.TMP

MD5 46d1b50fdb78f3e67c48a43f7519204e
SHA1 149e92f8e9c8e269b36a5333972c4cd85fbc3a38
SHA256 08fbf0d11b26611112a8d9771a1d6889ad210f35dbd5e68deefe539ac06e450e
SHA512 e401c8f34391d66bb276c31b3f5d54d67aae8c2ec52f1ec0375981b629d5553585a4ebafb277c47b16f94cd4fb790cfd85a6e8bfeb3734309cb633d88172ab8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4896ec11368f874456b49766c1ce5d62
SHA1 e4915aa2b24f4ef5fad12e978a42196e0b1a3f34
SHA256 38eac666a29eeaa490eca3099e3bb3eda305e497a2a8c53a3784e27e26fba9af
SHA512 c9ed77d1653cc25b51d694db01e9689c175a676f083f583741959a7139de58ee98c4ddcf5e418846a62d603cd23e254f5b90d1c2d7fd34d7b86a7b63cd8fe85d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e36b4a706c2c3d99443aca40c9f94dbc
SHA1 82ab16d48ba7da65298d740d89e98ead8a69f916
SHA256 1cef8ac616d5170d9a439b9808737f1e60939264ddff1e6f16358c731418eeae
SHA512 9c9f15969f4a6962f0bf9d153b918d2631feed6f90c23a9b40354be868e405ddbb0c51cbb4f40d7f3cceda6606f1b48e850bfd80222f68f356a42caebd54bfec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 31460eab8e6772b638d8bd2aec542102
SHA1 0ec5c801a7c3f83932597f2d090dfb4f6f00ec6a
SHA256 a1047d59b140357aded642345356cc283b90fb31f86dbf412fb5e2d380f3bee0
SHA512 36fd028de9e04d4fbd7ece5abfc75671063a906962055060ce92adc709a71882a9008dc2a3518b77aa489b34d2c1e807819e3f022acd6b165d2b2347af81b6ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b1512c6e4e9e7ee3ce4ef5329b2d6c43
SHA1 0fb20a212f5aed2107b758d6ecaedd95184f41d9
SHA256 dfca93159362c20de04f7adca1ff88ebb81f0079ba4a97800946b7f1835d70ab
SHA512 a7a223923139f1ea16f98cf88c78232833f00c5103c396b0bdaacf78a9a5bf6dc1fa0db50d25550e9298c373efa7ab2300b08ab72f3d159ea9b3b9c2aa003dc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 710efb787ebb05e4afdfa5531bedd33a
SHA1 b20d04af88548a94d17b2b6ecddfdd077357a693
SHA256 e9620c800bb11ea5809428d5932f23298a151b059007178610667c6d1057dfc4
SHA512 2a41a7f2d980f953ab0922a55a0f003fa96656ca10f5148590d61615f9e6fb1e7e22522f73b722456f74897fdd37747d9f29b6b86e5b94a5c00e00f194dfae92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ebe25012b739aa45ff4e2d765b0d44c
SHA1 ac4cbfcc5bb0c3cda89db09b76dfee9725b144ce
SHA256 cf95e1209f4d99e9a8f2104d7b0260e7a58ab0060668ec15730b3665651b7f0f
SHA512 43f68b58c87be1daf75a6068e37d7525c29d8cb177f27c103aad88ace047197a04ee2b01c5d5350665980997e1b2104caa5e1f9d55ad4f516168e665e0d87de6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aee03944dc52971e781aae9fba2d16af
SHA1 f76e6924e4d4800eadf82f91a87baae7b4f8c454
SHA256 e910c0c8f8bbfcec4fb4e21e38afc3b8154d2865235c8d74254c05f2b8d2e440
SHA512 0cd86f33d869d1e92bed2484b3728d6dcc296f18b8f1bb1bdc691f22fb881b43fdf273e6a5c37d33ba2f4ed9cfae578fdebb5ae2123a67ce390c8b77866eca07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e337014ceba65092b027bdeddc48b00b
SHA1 98ad97b8adbb411d6d4623fab506924aa6772304
SHA256 c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA512 24dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d2fc0239ef9c583e1594a2a4f1d64f0d
SHA1 8e6716b8de5ab6885580e66aec7f74d7228ee0b8
SHA256 82b0217db527fdc50769f0e0feba848431ba563d51d60b13c4d84ab56337dfbb
SHA512 22f472125fa859c06c9a5e2a771d219215de2d5bd7051c6ebbb7cdeed013e153b7de1791112b2e38b7210305b01d5a928ea097ec5c95d9a4074940fc543c7306

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1818a9cd25aca416e96ca285f2dc0814
SHA1 3294bfd2376037fec6a300c75276aca44c0bbd86
SHA256 adae1b48405dd14cd30f5d86b9c8a9f0721bd8be83088ac0da440da9b9aff49a
SHA512 e9285d17daae0cd7d0099fccc4a65f5c67627392740040588e9ad0746bd3fc1d3f4fec4b07c11b021a1c3717ce7d39947815fe0d6d99e074012789a9d00b957d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d32b6098ffc2c186c8025bfcd8c3686f
SHA1 b5dd4f9b794b9cbf4107c7417c268a91ca43ff21
SHA256 5bb6b40c789fddee6a81bba7fa99bde120fc7b2a6dfb40491838b7cb195e4583
SHA512 2f688e62fb2cfe62fcae1e1936bcc15c7561a208b7f5dfdc501551f4ce5844855887a1059401ec43a2ccf497c0cea507b4afc5a38b095a61d34fe7d777162ade

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cb16aa635f242fb1b615be96f7362206
SHA1 a0ddcee6ed9c492a3c7bd37e58c813cfeceb91e5
SHA256 af3d8ce458a366314987a953abd56e94daa3524b602fa53e3a273440f33235c7
SHA512 566fced6b4ccc5a8c7700b143e1202732ced6fa600d1861d709269037b875649d107e859940387523402094880ee798b547f613eabd9586409b9f0e6cc8e7e36

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 14:46

Reported

2024-02-06 14:48

Platform

win7-20231215-en

Max time kernel

46s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79925AE1-C4FE-11EE-8495-CEEF1DCBEAFA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301bf24f0b59da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000fb2baa56a348d0584fc2898c30d5658a941a8b9f2a778e274ecb9420cf32759f000000000e800000000200002000000092429a6afadfe22f90bcb244b0e2313e903d5a406cb68c2348d5d07dad8dce89200000000808f2640f74dcc65cf4d30c92e5cd9defa66e85c6bbcf55e4e6f6025a20ecd640000000c279ae2a3a6e4513035e54e662d5156ae38c4651e7a7e6ac9f36911d1e5b5ff8e6e633aea3556b064cc0659bb0652396698c11218f9ac0a833eee2e2b1bae2a3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{798D9821-C4FE-11EE-8495-CEEF1DCBEAFA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{798B36C1-C4FE-11EE-8495-CEEF1DCBEAFA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2040 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2040 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2664 wrote to memory of 2596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2356 wrote to memory of 2900 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1944 wrote to memory of 2492 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2040 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2124 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2408 wrote to memory of 2944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2040 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2908 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2040 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2040 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1624 wrote to memory of 1992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe

"C:\Users\Admin\AppData\Local\Temp\27aa62dc09c2ee5af94afb0185b8083ebdc8ade6921d60db5f54d97b027cb4f9.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef69f9758,0x7fef69f9768,0x7fef69f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.0.1226820052\647541579" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1be7db3-e21a-444c-afe8-810be8fe24ea} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1348 f7f7a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.1.399040882\537446853" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bb35dc8-8af2-4601-81bb-9f3791bf0af1} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 1560 d71358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.2.1036819414\182410764" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01cb8bdd-c08e-43b9-928f-d822465efccd} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2120 f75e758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1316,i,4833589795536990599,10727999190352585531,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1460 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 --field-trial-handle=1332,i,13879519481655575731,2289511198738066635,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1332,i,13879519481655575731,2289511198738066635,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1316,i,4833589795536990599,10727999190352585531,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.3.1606707802\1788367725" -childID 2 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {777b8143-f4b5-48d4-beb8-aa91f1821c9b} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 2784 1cb3fa58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2452 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2468 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.4.1378104276\76103124" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3392 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65cf459f-fcb9-42b4-93f0-a898efe7a10c} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3816 200bf158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.6.176455079\732109779" -childID 5 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c26b272-a16b-455b-a6b2-7bb619d6b4c4} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4124 20103b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.7.1973417096\144917740" -childID 6 -isForBrowser -prefsHandle 4304 -prefMapHandle 4308 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca72e2d6-b452-476c-8721-87b474767171} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4292 20104158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.5.763651679\1031207160" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eccc36e6-f42b-4a29-af87-cc2f9d2aa1b0} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4016 200bfa58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1164 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3164 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.8.1709011480\904806665" -childID 7 -isForBrowser -prefsHandle 4012 -prefMapHandle 3948 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {978a6829-a1c6-4499-a079-bfd1d862ded2} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4000 21458258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.9.503572951\1683192902" -childID 8 -isForBrowser -prefsHandle 4220 -prefMapHandle 4140 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a51d99d4-9687-490d-8ab5-5621ac668e13} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 3976 21458558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.11.1425464627\2103999446" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d32186c-1003-42de-8048-104997b81997} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4868 1c6add58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.10.1686549213\1176850945" -parentBuildID 20221007134813 -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30136fd-f5aa-4c16-97c6-ea087220e1ac} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 4828 1806eb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1332.12.1947534408\2122880313" -childID 9 -isForBrowser -prefsHandle 5112 -prefMapHandle 4768 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ba4dfc8-affe-44e1-89e6-73f1efa4fd6b} 1332 "\\.\pipe\gecko-crash-server-pipe.1332" 5128 1ee9f258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3892 --field-trial-handle=1688,i,18109034164630822624,1455362114379045788,131072 /prefetch:8

Network


Files

memory/2040-0-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{798B36C1-C4FE-11EE-8495-CEEF1DCBEAFA}.dat

MD5 4ad72ddc0ed8fe6006e5ee20d3613a19
SHA1 fc3bff5614e42ec30a4febe3de0f4eb72b95d4e9
SHA256 e948277939d7927b13cc8cf018e2b137c5d42a1f31a841847912627acc0436a4
SHA512 8743005b81a444e7d1cb8ada590c3711026d15f24ee16c265c6afbf963737fd3b95f996e4ad7157788faa3ef348b437c28e82506427259aab0716cabfa30aed7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{798D9821-C4FE-11EE-8495-CEEF1DCBEAFA}.dat

MD5 12cc00599fef7ead7b1f23598fdec48c
SHA1 4e1acbf603c361aed41478be6144b7f257925f6d
SHA256 f30f84f772352e3f02b52ef431f4192ab6047408a016d0e511037661d25bca9f
SHA512 dedd3b04f00eaca8eb0ed403811f23aa9f278c7c20f40b29824b299d2f342c8b6e4acdce09624f42f02ccecc6f59e95ef0969bc0fedf23c9abeeaeedc3c5aee9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79925AE1-C4FE-11EE-8495-CEEF1DCBEAFA}.dat

MD5 fe5e347d2d0fd6563e8b7c309d0d53b5
SHA1 5f7c0013ceabc567375b49a35389d6a6c30c9957
SHA256 11cf705460b8097c9b03cb38dcf7d87d36b20d9aade8474a3baf4edbbfaecf99
SHA512 a5c66963539131171cb4bee23d4503e1ba68eb7726f9d398c779cb6b9727a3b3f9f6f1cb37a599fbacc24c0309adc2d52020cd94c04d2f493056568abf04f654

C:\Users\Admin\AppData\Local\Temp\Cab710D.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 231990cddc86b9a11e79ed35b92fb988
SHA1 583e7acbbdefeffebda9771cc1c85f47d97359f5
SHA256 499f7d7af3f2bd7c24cf678b4c76612e866e3585e475c70c6f661dd5f4c7a686
SHA512 3c65fbfec19128b6ce04a33235cca37326d2725e391173c29f6c295da8a6ab722ee42d0bcf23f592b371b2e0559a2f910d15aab29c7b77ae9602ca504d7df9cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45441e2703bd716af8a3be1d86817368
SHA1 c9680df90c6a60c021fbc5290f8a4f962d43dbd0
SHA256 eaff208540fa53ce10dbb68a6d9ed87ea6153defbaa9fc7f385de2e17b373495
SHA512 f8a2eb97033541687250b0c89531b00ab742ae731db5889e8f36ea06a694784785471fbf4e49962e4c63793155ff3bdbff9d8691c0caa2d7fa6190b8f350bb01

C:\Users\Admin\AppData\Local\Temp\Tar71EA.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c2372d4106052f882d1160d959a9578
SHA1 e41b7794aa39b6aadc0625fb89e967a9db3fa47d
SHA256 3dcd9341e3c5fabcd1f9d046772204b830ae74a76709e2e27adb2975413bcfc6
SHA512 02104a6b6deb6f0251d78ba427838d557df75f652ef6f7beeeaff07326014853905957057ea6b808301621a5a28dc414ec5093a9e1c40d7a84e03f6cb714c9cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 91bf88874ebe7ee1772bc9930f9311be
SHA1 6e8af09f3f7e6904e5621d6605bbf330d01f5aae
SHA256 1c3f48ccff62fefc00e00bc2db46983739ffe7eefe52b5790302ce55422896d2
SHA512 f3a8bf3b2dc7fcd1e5c2f9e8cf13877b74952f47fd36f05d549196623b676d41e3e466ef0c3fad7fc2033b1479f6ff366e139f3869dc1689edc77c9d5bb8f240

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5b3a413033a1663b2c355adaf2ce2ac
SHA1 7f3d8a095c695a01900bab15bf12a979943bc4a8
SHA256 93c07ee9405153cdb43bcacb274e732dc6fdaca5f455ccf5f68afcea62b527ad
SHA512 75dfcb032c1447cf8428c63e2f9d23e5adac0edc4f8a8db86d3e7e60e96d56723639581cdc327bef780a3380912535e64a36fff60a7e252d68bb4638c11b64c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5bc3ba4c2678773a6ea111f344ef177
SHA1 e2954abf4bd6dce42c8b28955aca4cf24de362b7
SHA256 ef96e18d933fe88156ce72bbda431185e98268b9b785cfd5d6aaf0d3b79c324d
SHA512 1bdfb1c2d1f51e8c6384f5dcf16cabe4959a488bf6620164946bee780ec84857ae438223827557c05db5baadeca9aaa77f0535fe43727954a1e765bab05f01df

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 38b650dc03ca9ff02d94b27390ebaa71
SHA1 d17cdc86537883fc097e368a58dcf854295b86a0
SHA256 04dd7fe326ba7e3d45da871eba2a1ca332de96d639fdf7ec953651565709748c
SHA512 fb01d5cab8ebba4d9fda2ff6e813eb3ca1ca54c630cab44a398ef6a10e9d39ee39c1694cb533b2bb8caa4990f72f2a90e34682a9a942596eca5d0e487ee88c63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 85aba89c53bb7c2a4f540128473bc3b1
SHA1 493feea8df0a909b5b0e0cdc04c86b193fc76f27
SHA256 98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1
SHA512 08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7539780e574254f87a1ba19e804914c1
SHA1 77d2e35ffb8eecb36ccc852106a2f12914ec7abe
SHA256 5b21f7760452e3264a2c8b9299064b33ec0d7000cd8ccfb4eafd5a55e5ef2e8c
SHA512 6d17be42f0d19b2a9bf8614369c4d846e973e8455d722b2f1f096699dade32216a9692b005ec9dc2e4a6aba64e69ded158663493ee782e7518fc3c567859e6fc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\T70G0MZR.txt

MD5 d8fae069e34cdf5a40efada18742555a
SHA1 a378d08de573dc907d83efa3b723da001b293726
SHA256 2b1d792a89c99f0d155476598cf47059a544ca2f717190778656db4c0ea06ff0
SHA512 91092582816b3eafacbbfffe35fd53f284c9c1253cc992ab15ab3e53446658f915e561938fee520e8312c7952367d377bc7afca1892d42266449f22bd74d20c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7d10d6a2d05142b2f7de42728ab93a9d
SHA1 dd26f063d2bf4688cd996ea46ec9c79f9702483a
SHA256 a06c2f6ee0ae9af14551ac19e95835bf20b775d835b558529eb5979d474f0919
SHA512 74738a2f5fea62431113b09022d031000ee1ee3fd15d0c02dcce313c1f67d7c9176d13a715653d1fd23ed10c8c8fbdeccfe09bdd17511e3f92e218ba151e9139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 fa0757d92d27909d66b125e247f42699
SHA1 2c6d0ebbf1963fc612d6176f47b9d6c2625eef20
SHA256 4fd5a419e16d318d0c6605cc00be965259b4a7e01bcfddc752d657d0e65e75eb
SHA512 4a598a5baa0686b9cd7966dd61535ef36be1ce8b7ffa7f8fcc316361c32faab50fd3958594010304d8f2b6fa9cc0f1d83b61ce567ee4d2d574ec94d50396a388

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 bb805e1387deb3bc9981893081d4c064
SHA1 b1409ea373d6f26d0b59442eeb348c236a0d1b91
SHA256 fc7dec5b80e6e4267e9f796a93e17a6571523450fa8a32daf32b9474f9118ec9
SHA512 baa8c79e9486df03bbd5948dca1141c32ef903d691d507c47567ce202a600fe995613f5ef3f16fdf1fb5d164812329ec32f26b4f927f0c42466bff5db9a2fa8b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 3f513900b9b10588c56929cc7275205f
SHA1 57dc00461ab20d1e9cfbd73cd298012c2e7c9beb
SHA256 51228d3a507009f20bf7cd6e370fadd7448cd65da47631788517d25e3cb5c9b3
SHA512 8623f29c2b5c4a3d45ef27101f1054a0a367166c694a13b2d04f30bb492c7a8f7d273ec43880844a3c0e5e7041f13cceb0bf04e9f2ae1ff7b7783b61bd56c646

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 304dcdacd6d210f715a8a7f478565b11
SHA1 f150934d694fada6b9a3ea0577774112d7efe8b0
SHA256 82c668101a6e692175d7a4628c69d05b4753a7793ce37bcc334c04d0a6d3dd33
SHA512 12ba2a39905f095d2df54155c612ad18d466933dc1cff466706ffa235627400cb154070305850695e7a326550b65d256166c7a49e72a6a434f6e91d9ec126093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbe3bb057dd1811a5bcd36e458c86fae
SHA1 cbb61be938dd00e35b3e7819e5ebe883f4f9b051
SHA256 0ee01784a78962acae65c08d1d856d6cca5627bb9681bce89da05f5ef64f5158
SHA512 f95928cc8b8499da1fd8dfa737ac5fd9e461336cea24d0d10e193ff7458808196cb2f819344afd43e643b62fe91ed252599921ee35171f26ba8030026a690763

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da2246528912b077656f1699d9f2be01
SHA1 cf327f8109701aba64dc32b4972f9d821d9a19f6
SHA256 1a0f24dc147b6ef23760958d47f81b694295beb372c60dca81b58c2dcf0b3e17
SHA512 df868f27f7cc4b14a1f5fc2b83b7273770707875ddb01f2353998ac47570719a14af4e3e45c37e133ffa4ffd3365d84bdeabb9d3998ffd2d5e31ceaaa44d8161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ce97e218f61548d0e9da1fdd6fa14b3
SHA1 81d8f6fa878f24b2f363baf5cfc03ffb95898724
SHA256 1fa686d30bb4f123d2c60c58a24a1f1e5a607d91197ac72a438e78058f8459eb
SHA512 ff3c080cc1078168956a0fe470e9e94892f112926732c9e066def9c671cb4747a9a599b0968c0041dc6438e395116e7dbe6a4547324dd15cf0b6beeb881737b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf17fb3932a6c22b5ec9e814959fcfbf
SHA1 40dbbb04113b78d189b35a3ae70eb5c1a08deb26
SHA256 23df447ffb97263a28e77a06e49b8e63862f4cfe35fb19ba03a7be6d0fef2f26
SHA512 11fc5fd5fa4cc2967936577958dc2c3e05936adff55fbd8e292f72da5fd497939893659ffd23de4ed7907f81a12de19d4e478ff4365293c06c25f0d17f691ebe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4ff24d6a5c7d385a85f90f5de32f088
SHA1 0e7f2f3e83a3e98afd51751cd4f28448a52529ac
SHA256 c334e17d36bbb79505cc1a226555d9067d6807a0a1977270a8eb2ea4abedd15a
SHA512 534263e9c4016766455755d31a4e9affb3e894ade8460b8a42c180a4449bc2496f12f08d9664eab00ed25e6910fd59b13ec1f83c308f07694afdb01b35a0d93d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fae3d362590b4d82990acbb63241cac5
SHA1 36359878cc4ed8f128b6f74dc3fa99a0f3d13b7c
SHA256 05d63da43472bc12162d478aad63fdb48efc11be01e13838fe27e748c99cce23
SHA512 0f6dfdf4ad8271ef07267332af774e10f63df433747814d87fb9a6a8d994279391107cdb56bc3d64d03b690b6d45c9fa2289f7862f5d552e6c2691affa487bb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 977f09ba6bfd8cd5972581a94a847850
SHA1 779ec6e28eaf198810e490fe943e401be7546cfa
SHA256 2ef0c71f647386f0cb702584dbd4620d8ee51a5255827608b443d47b07e62981
SHA512 ca2de6505f49cb81040ba528f961bce26a272d003f7b21462fb8043dd13428781a09c54f2de6a32652ce23cbbcf163e4425c299acb086cd61c6e6d018b7050dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa6365d59b98c41c802123370e88a3d3
SHA1 3c0770477bc85eefd3e135518f3de102b80df3b0
SHA256 58b9bd4afd698ab9e4b77962057d9a927f1bd3fd1ec6923ddfa45e5f02dbff8d
SHA512 87c9980bd445397a504a8f99f22bd0165591849188aa6137fad7ca719240baa436a2458d98f92bd0856c5f33ae118b3cdfa023ef530f44058929c541ccc3effd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d2ac8e00c5a6e8fc973f70971e43732
SHA1 3a9620b1d72a357f5ac6f7dfd1adb1154e03ca22
SHA256 71369acb96d71370032f977d78fcf91b536cfe756e4512eb5ea61d62d4534ac1
SHA512 28285bcbedc9fdadaaff97eef343e8bd263c136b675383c4b297714d029817656a54760bd8bdc8d753a703ee154961e2969027769a0a584e6b05df6c8a583b3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e231ee4bb6e3cfb4d6ca788e11b73ac
SHA1 890893e24f3ddb2de31fc41b5677320bcec47280
SHA256 a1f2397891a95a526bed9093068b0b5e41863e08f192ffb6b50173f057142852
SHA512 9987639ad81ac6898c0c53116a3dfb2372d81b1e44e8509e459cb997ed387f242e76818ddc74fbf7f0652c5c079c44781d9c646f91a0722c549c0a6920d38f22

memory/2040-822-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6ceed0c88ffab51ae4b831f53ba82b6a
SHA1 3f6500fa70a8f4fa4506551868ba008b23e3d6e4
SHA256 6efbe2390fb6d125e1d4d26f2c4ac6f9130a3dfbff7da0e60f31a9e11d697ef9
SHA512 0bd942ee8e7ca33fff6611e6658001480b707137cac3932ef73de61912caa26eea6479aeb64f9b87eaf306c3dbcabd07d1528b16e11524dec4b3dba7e3c2b2ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

\??\pipe\crashpad_2408_OTRTPDAKNIGCPAKC

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8e53a8f8-dc22-464d-999e-a5e4e6a5ca49.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\2ff7ef7b-3040-462d-a714-148de4b6e501

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\2adf5e18-5e47-4391-bad2-dfd855c3cf1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_4D5101BE24E3D91707DD60953C1BD871

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_4D5101BE24E3D91707DD60953C1BD871

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{595e2523-f5f0-4717-ae2a-6dff191a5f69}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\idb\3959265938yCt7-%iCt7-%rcedscpdo.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf772c4e.TMP

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4c22d8f8-cceb-47a4-939e-5fde33cd70bf.tmp
