Malware Analysis Report

2024-11-16 15:51

Sample ID 240206-r61ksabceq
Target cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe
SHA256 cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a

Threat Level: Known bad

The file cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported

2024-02-06 14:49

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 14:49

Reported

2024-02-06 14:51

Platform

win7-20231129-en

Max time kernel

50s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1D27721-C4FE-11EE-8DE4-FA7CD17678B7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707ce8b70b59da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1D015C1-C4FE-11EE-8DE4-FA7CD17678B7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2816 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2816 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2816 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2824 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2884 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2996 wrote to memory of 2592 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2816 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2720 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2816 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2816 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2076 wrote to memory of 840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2436 wrote to memory of 2428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2816 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2840 wrote to memory of 1080 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2816 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b89758,0x7fef6b89768,0x7fef6b89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6b89758,0x7fef6b89768,0x7fef6b89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6b89758,0x7fef6b89768,0x7fef6b89778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.0.1071571423\616427978" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1120 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26bf5dac-0c19-4e0a-a823-751bc662e7f5} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 1340 100d5a58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1208,i,18181445383183436962,15462407002118773914,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1324,i,3336979372000837731,9965575553479582776,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.1.496045151\1373499386" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5890fdcf-3a6a-4a76-a141-3e5d86b7f972} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 1548 42eb558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1208,i,18181445383183436962,15462407002118773914,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1324,i,3336979372000837731,9965575553479582776,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2564 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2584 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.2.683654617\2062555952" -childID 1 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5adb277e-f766-4ccf-a785-ad446aaf75fc} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 2256 17cf6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.3.1702377471\1962341614" -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {351e1f24-5982-49a6-b269-c927fb7e5853} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 2856 1cea3d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3348 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.4.1829551218\397325281" -childID 3 -isForBrowser -prefsHandle 1920 -prefMapHandle 3692 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {791363e5-1b18-483e-b391-c6055a4fc52e} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 3716 1f2ca358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.5.1406971565\1723852674" -childID 4 -isForBrowser -prefsHandle 1920 -prefMapHandle 3692 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {840c6896-eb01-4c5e-8b82-105b7886a080} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 3808 1ee82958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.6.369583538\1588134496" -childID 5 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c6845ef-3887-4c59-ac98-afc30fca6e76} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 3924 1ee82c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.7.1602671421\2702139" -childID 6 -isForBrowser -prefsHandle 3808 -prefMapHandle 4012 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45c0e49e-59e9-45b3-ba7b-c5f50fb94862} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4112 1f2c9458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.8.568508811\877818714" -childID 7 -isForBrowser -prefsHandle 4140 -prefMapHandle 4200 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d940afd-da67-473b-91fd-f9ab9c326deb} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4396 1fd39b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.9.938746827\1143826242" -childID 8 -isForBrowser -prefsHandle 4480 -prefMapHandle 4484 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {690b5026-9950-4f17-8229-5a4ef1f7edaf} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4468 1fd69558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.10.1414833474\85056532" -parentBuildID 20221007134813 -prefsHandle 4760 -prefMapHandle 4764 -prefsLen 26212 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac85a3aa-7ea3-4b4e-9abc-b212e0c6916d} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4776 20b52958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.11.1237764233\1423972572" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 26387 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b624b79-3409-48cb-bb57-e61b83942ba5} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4884 20d1a158 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1284,i,9482383259625434705,6051003833086501440,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.12.602143440\1619051831" -childID 9 -isForBrowser -prefsHandle 5200 -prefMapHandle 3580 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 572 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a79b21f-dfb9-4308-8487-25564fe8fcc8} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 5212 20e8f958 tab

Network


Files

memory/2816-0-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1D4D881-C4FE-11EE-8DE4-FA7CD17678B7}.dat

MD5 bccf9149d3eb94a0966b96db4c799208
SHA1 e9e3caebe5168f1428140c2e4cfe3f142ac0e0a3
SHA256 74ee9e0a661b43cd3128714aeed6cf4f03a68365b0344a2597b014119ffdb66d
SHA512 50ef4a51d3fc1c5aaf5346a7467a462708f39b1e21a771df5377ac8ec549c52a024e80d77443ce21762e7f865826c501ab60edd148e1478ed25e3e27068b39c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1D4D881-C4FE-11EE-8DE4-FA7CD17678B7}.dat

MD5 0cd509d4945a14608e7dbea40aa12add
SHA1 8e4d2e276d66e3a5c961e61c7fb9d13ddf652ff9
SHA256 725e14cfded178798d69815369e222cad9e5ce998299a193f37f26bfa3046b44
SHA512 073cf0a09601fe5fde4b5f5840777343787fa89beb9da83543c25c6f86e50b5e80570377adb4c001eb48b9996dd959b824f1b722c017f90ab5cdc754b7f9ca5f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1D015C1-C4FE-11EE-8DE4-FA7CD17678B7}.dat

MD5 2edd8d3d5dd2aa8db8774a9dc9404c97
SHA1 6b39463e7df26dc1af12e707e27173169b3644cc
SHA256 10e56925211edbf9669c5c4933f581fd4c7925e83c72d481820c28430c5c95e0
SHA512 9c08e6c1ba52986a42d63a7aae63a4f46d05b38e11aeb43db17161c08cb5967142dd5554b625b9a52e7a469cd0ffd841933b659fc683fd6a54ed187ba8582dc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 951a4d0ba0bed1b8915feb75d65777fc
SHA1 c963a72ba5063a156b5f91e9698c7f196d562079
SHA256 8e7bf8cce30b73c0873d49545f3829bbb20383ac8ee53329cd94726978b2a4ab
SHA512 db1b722c4e344547563a650d9450597bb9c3b2e773e3cbc8319044f647bb69e8aa2e738b30d0cb9e477f2c06f86e011483cf53de1c30d029dd93f5decfe9bc68

C:\Users\Admin\AppData\Local\Temp\CabD4A.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 582c820e01c7de28fe9d8cf067dca644
SHA1 4d713aa3a5226555511b405b201bf179915911f1
SHA256 b51e55fedabe7359013ae08ebeb71b04f40fc4dfbd09b30dbf6557e2c7f0129c
SHA512 0a48d5ac04228f6952bd5a760d1ef026e343e11b0c0f49f59b9909bb5decd61c1f42a42be30ac3159da7ce232bd09df43e25697eecc3cbb85d0c5a8f0b82a750

C:\Users\Admin\AppData\Local\Temp\TarD4C.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 004cac5fb2ab7c5522860259dfd9a007
SHA1 77725b8149479b99261efa784bd5cea1b8c7753b
SHA256 92a97b3d19a4dd2837ccd3c98ffd3ba3abf0e5ea11290ffb1c92669841e3f243
SHA512 3179f50818df81bc353386fdea9fb604b0df3b38aa573c827a3ac04ccc316180d933f608fc09baaebaa92e13e9e3f5688734d7839898bc67bbce7b3c07fc5f13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 cbccbcea7505ba74ef53a7f099601c25
SHA1 aa8d823129b5908ba132ebb77c418f890ac3bdb4
SHA256 47407b4452a4aebe03aea3aacb06427814d606f85e303698794256ee0932d185
SHA512 12a205de3625fb42750989e4e783452d9e6d5d0cd322f3b25cedf6bac2dc5be1c8e6fe8a07e0dbd1ac4d66e59be3f4c0294058878f14c36c177cdf8831e2a072

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2c0f1721b85d3e5c0b5cb9d7e3eb3f7e
SHA1 f4e9f65f45afdbb53c68407172c688f9a43f0a5c
SHA256 18d5246a05cde4ed00b08487b21c918b70101f949c0b0b85ba6796b31b718707
SHA512 7c8e0f3587e8dc4a95ca467555f1dd854e34ea06f98470bf121a55864ae9094a10ca768d46f87632607a8ec9a20a40737d03b9f5cf4d4171e8e248bfb57ba545

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64e695dcd0f211b3011f5dc2df010ef2
SHA1 2533222f796957095266b943c5bfb01e10cb93bb
SHA256 c720489e3e28974bd4e10fdae77826a68d1124df28f251c3044c9fc1b46fc623
SHA512 1ae4857ca891415890f3c27ba45e0e3132d198bea4463991c6887408e94680fdd4e89e0ee33feada81ac9e05e1b77b88c35f6cd88ef051ef238d7596a0cd4468

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a0b46c9e574b49bb6665d8a362c0e8c5
SHA1 74897ca309fb61f87b249d9ddf06c2a0a3e96557
SHA256 0ce2a95123857d055f24613d37cb4e454a23fe3708f20c2b2494616b1db4248a
SHA512 af241b3eb35350a2100faa647eedd13ccdc92e7540122e58f8b80d8034dde2d6ecf3d54148d1df3de64b3d6428fe5962847d93d55034f3872c7d6b4e94f43b5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45441e2703bd716af8a3be1d86817368
SHA1 c9680df90c6a60c021fbc5290f8a4f962d43dbd0
SHA256 eaff208540fa53ce10dbb68a6d9ed87ea6153defbaa9fc7f385de2e17b373495
SHA512 f8a2eb97033541687250b0c89531b00ab742ae731db5889e8f36ea06a694784785471fbf4e49962e4c63793155ff3bdbff9d8691c0caa2d7fa6190b8f350bb01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 878790e78aa10f499a1f90b06316513f
SHA1 e4a4696ea20f4bd6b9b327bb3ec392e68f6bd05e
SHA256 1b6502a1ad0e0352f4ddabdb74e81a62b4870230fe8fa5a6694b440a337404ab
SHA512 d5896ae88a8c18f68c2f69678d31770798e8051336766dddea3664a5341f31dbf752c0ac68c570f11e9c61cf4a3931839ea58ca373e9b8ce169e7b768fcb54b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8897c16ea71a3a26a67f0a87abde89d1
SHA1 10d140ecdc2685a40a0c026702cde792bfd0d228
SHA256 d60ca6dd3f8bac6497c5fa40363a367a6dcf06a93a52b4a9b37b6e28104d7637
SHA512 749bf77d5ffe511d213348020d2674cef5c0e9c6a8c7bb1f9d3724712d245018030507ed0a2121d443f9b0df9e9039840356b0ce49b7535c141ea86c43306829

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d160ad4b2b33ecaa1011b4eaeb6f0476
SHA1 00023c2ed8bb704b5bccbb92de53c0bf0e9ee050
SHA256 ad27a0052d118fc386805a91c1db4a4a2fcf6f9f509035a1c04dfa987b095c86
SHA512 3950ebfda0da05e9e92111ebf6be4d7f7b795833db60cde070839afe6756be42ed723378c3cc56b1ef0887590bda7d1926453030755a6e64e82cce09e1aa1301

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 85aba89c53bb7c2a4f540128473bc3b1
SHA1 493feea8df0a909b5b0e0cdc04c86b193fc76f27
SHA256 98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1
SHA512 08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 4646951ccce69960439cf87fafec2f81
SHA1 6c571428144ddaae86d2638f90e8ded32ec75577
SHA256 442ff0395bff0d2bc45439041f7335550ed1a754dbe4c9f486abbbef6e8f4f01
SHA512 c96a30ec2ca3c78f66e2c3dcbb73ce8c60922246203d319ae53cd41103a1570a7913dfd4fef0ebf3d398d66356c473481571b3e8a0ca9c8782dffc8939ab9c5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 de38672e669f8c9ce4539237587e4181
SHA1 ec4a92c071f8b579c2c7275d277621d5de5c51c7
SHA256 7d745f3790f4c7d0e0a1f1c33b8d1061b84b9be05c1b44262e52bad68ed33753
SHA512 62cddcbfe2094353e3cda2ee531440a8a9fe5f6a693530d5986f303074f9508c6b2c1d39139d7ae7ba647d0f584622ce4a6da600e63090917f9e2e30ab8aa275

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPEXDS4\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 267e5e67f25fb6685abb981f201da924
SHA1 bd210bd5b937a8aff873944942447804bd2ef080
SHA256 646e5355c4fafb4d7efbd122eb4e1fa5aff8e71cb0fa12c29bd6cbfc136dd831
SHA512 8492e6aa65aad672e1f91d9556146f2c2b1507266f8abb2d4cb3e23ac41a58ebbecc6ba9dcfac3138824935a4c55e6ceb946e20a21b4127cbe5755ded4abb49d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4ARG4FRC.txt

MD5 0b100071d5179941509998e2b6d4616a
SHA1 d034f1be5d70cac5d07b37d4585441bbe17dddaf
SHA256 19abd8a44319248cf2a840b0c42aa33acc3687b870c46632cf4dc863df03a67d
SHA512 f059dc0c69282b81d1128008c153bcc6c7e5e02c8fb2f48785c8da146c8723c9ade9623495920e6d6e9e8b75eb72c7512a9bc26487befc9cee91a7e522e9b6da

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMF598XK\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 829e413249a32a660807fb808224c860
SHA1 c1cd3982052d4a3f1062b55388127238dca2c85d
SHA256 cc118f7c7503068b0cef547afb44aec3c2f9fa837fb5c2ee8a1bb82f69bc751d
SHA512 65bd4d7e2a37b87ecda51a4b695f3961bad478daf2d8ecf9f2516f41fc1d6f4cdb0087657cd4c530edc08cf45d9c199f5497ed6614c8c7f3260cd44add9e0cba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7d10d6a2d05142b2f7de42728ab93a9d
SHA1 dd26f063d2bf4688cd996ea46ec9c79f9702483a
SHA256 a06c2f6ee0ae9af14551ac19e95835bf20b775d835b558529eb5979d474f0919
SHA512 74738a2f5fea62431113b09022d031000ee1ee3fd15d0c02dcce313c1f67d7c9176d13a715653d1fd23ed10c8c8fbdeccfe09bdd17511e3f92e218ba151e9139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 611a23ca7aadec716376e216065eed53
SHA1 0b303c483e1b7ab75995c6ded4df2ce964b96b49
SHA256 88a32b076ac2f02a943ec921c0120fc72bf8a92cde170c56bf6c3d5df1452578
SHA512 bbc354bcce1586794339ea911d78e1b63f47b6c55631677a07a67e5046cb5cfe1a374a1f4955b97e6dd8d9126ae3c72fe8c7e283a479dbf416a7f43ede51db68

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 dfae0ad162b67f87e6ef0cb775f05ff9
SHA1 a9afe27d47641d6eb5b1c191ef5e07e0b3b4c80b
SHA256 1c56258a004967738472741d99661252cbe2bcec9c4358a7bcfe26ee8052d6c1
SHA512 aa5e7c5fd693848b9a55897bab25e66ae79e82f59732e3384fbe542d3545552b0a800f7a4f2a549d68a45120ec37ebdf484e4e87192263b33463262f4a541fab

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQAI5I6Z\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0001a9321b1021772b5fb696b985b306
SHA1 04acc7a6388d119f0e0684b250c3fe16d066c405
SHA256 d517919dfaa5f3554a218e0cc489a09f6c338328a666b83094a38d1c87a3da61
SHA512 b06706182105ec06fa8d25f59ea6ef28dba3faac0068a1ab4b44ebd2f871621a3f4217dc16798091fde73feed672fc820785009eaf91a43563d0ba463bc53f0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d60902351b63cd33ffd8208303ce5d
SHA1 0c93dfba1c2807a564eac6d6da43a7b1fb5eddd7
SHA256 4150d495d9231c9a9c96cd97141d773f6a6364278ecb2ba590f052d38a0847ad
SHA512 2e1dc08890022ae572f45c9505dc2cc17707f91af319effaf64adfa5b21a1aef9fa948261d08677f94a615ec07b8d7c35b45dcf1d1ce947266249c195f246ecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85c8c2dc520ba22a13cd82bbd4edd9c3
SHA1 82d46e039e32f65a7bc35d9809ab48380384d3dc
SHA256 d22f70e6a489d82366774bb553308c8b365ba91e2a9e22412af7f4c06e348270
SHA512 da30db4d581bfe883941930075cab2bbd6b667b96f49e0a8ffa32780919a10b3da105dc09c3cb4b311e4aa5308441f39c1e17e39d181b571331d632906020aef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbeecfcb17216b156667dd4c8eef78d3
SHA1 ccc26e71fed983110d68042cc688cc31f20ea40e
SHA256 7f7f3a089022fd8ffe8cf98f89fd1e9c5c9262037c99df58fc080c6a7160ef52
SHA512 92d5d38bcc95d66aa923db60d1ce37835b16c0c7ed6a25e44ce70399696ea7676cfc26937b953f006c20be05196b96cf8bb7516b4a5eb19c28c2cbab91cbd754

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2350d7bbcc63c34b433abee97c90d830
SHA1 27f91ae5d032f9485c402f96f0a6f0afec490900
SHA256 2bd3952702d7c0ada29115d6f4ee2326ba256ba944cf7bacc26b24814f2ba1b2
SHA512 e03391bc80263d1404ecf029187845a8ea23118f75ae67400a2b91f9d94a746653fe5872bb2eb44d343ab84a4d68c017439586e127b268287b7f7a9944a8bf1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08cdeac00d16e1a6a76aced7760f4dcc
SHA1 711ee259b5f9245ea15354950d0d00d50b92f66c
SHA256 70ef4ceb7ae88f1f76fbcf0bdccc24743bb0f5898138f30e50db50bbfcb57a92
SHA512 3f952f07e6611e81667d796639bc2ca147225e6aac989e3b32f24c8b231ac4ab0f1794d5af9b002431687105565bf797fdb101de2cc538a138f2a9db676a7324

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 da5c9894e999cc66d49efdf40b52924e
SHA1 8e03b94a9a75b25052abc7c51d2e701f9e1f3eef
SHA256 699191ba0ed780eb061aee678c785e27234065a9f02057f5d2450066835815ae
SHA512 c17e3df8085af9b27b6dcdb014f7bc28db2be4b60ac062f5274cd766ad90fa55c110f0653e30354c142e2d178191c1725a9c48abcf5f64322f4f98a201f6bd11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1521d9b3a823e96af1118a956cdd562
SHA1 9221c95319feaca0c3784ec6c5345d5068518296
SHA256 2498dfa90b043ff02c15ac666069e34d78113b91b39205e3449539836c013aef
SHA512 b59462ecc252c4ee72843a25c56538e853721fd20a8d20bddfbc8b09f4d00ce3707a2fcc92febf8282c8d749d77462d5843c2544e08c3e62cfe181576826b1fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c3c528dc6091c1aa95a4ccc8383d18a
SHA1 916e2497d4cf8bbf3ecc603c681ee42a1c2510f9
SHA256 608a02cd96b5ef887536b554ce69c4a6141a72ec41d9e4391abc123db4d54505
SHA512 605e641beebda5e47c8f12ec1d85fed5260ab6b32e4ec7cd5c88f9d543c4c213aecd0bc3d89ae4481561af79a459911099bb5ce5752f8144c9527b73775fddc4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQAI5I6Z\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2816-1029-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fd594fb3d522c7a9f8c0fb3a5681ce2d
SHA1 49754d03b252e227e501037d3aafc0833dc55b2c
SHA256 606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3
SHA512 8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2436_TEACLYYOYEKKEBTF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9ddfffd569f040aee4abd9f777cbd556
SHA1 e7bee414fd2eb3794c297cae1e65a6e7c41fb07c
SHA256 de1aa00fa6551d21a7eba24ff8f1d7b99ede0c0552b06008d1917e0da6c1cba4
SHA512 f12ebc33ef9d735ac5ef44cf5359f484daa2599fb20f8b2be69dea3c4bb35627ae2000ecc89d727ca885acec199b6239e6b982cf79dd2cb8a8da6c87e069ab2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2f2285ffbe78e236a7ce70eb0aa45129
SHA1 a49598645a6ac6744bdf86ec8082b0ce87237ee8
SHA256 8c1155c4fc37756af11c8bf4fb9269ee698e96aaa7ff3d8893be6c3fd25aa0a9
SHA512 244f8db29bd9d9cd44c74d3bce2df93fdf636c4acf61d6187be52dcc690078bd95b6ca395078b0ba64279c7c7d1702da01b68c4b1b94b3069ba7ac576dd1d0c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_4D5101BE24E3D91707DD60953C1BD871

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\1825b2e7-40f1-40a7-9905-035cffb50baf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\04c4d873-71fc-42c8-a8e6-b42e4b95d80a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769389.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\16\{c4dddc2a-6caa-4004-b0da-b5f011977a10}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\idb\3824876564yCt7-%iCt7-%r9e6s8p3o.sqlite

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2436_193503910\Shortcuts Menu Icons\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{20730de6-bd31-4a8e-9266-864b4b7ab5af}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\47\{e93727d0-45c1-418c-a450-db0a9c99042f}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\72\{99ed02cf-3274-4f02-9e4e-499f03723548}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\230f7800-51fd-461e-9a2c-249e3f92c1a5.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 14:49

Reported

2024-02-06 14:51

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{F2A36B00-81B0-4802-9E62-97F5AC10AC5A} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 624 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1460 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 1508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 4764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3192 wrote to memory of 3400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3500 wrote to memory of 3464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 624 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2212 wrote to memory of 3628 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2284 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xb4,0xe0,0x104,0x40,0x108,0x7ffa73cd9758,0x7ffa73cd9768,0x7ffa73cd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa73cd9758,0x7ffa73cd9768,0x7ffa73cd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73cd9758,0x7ffa73cd9768,0x7ffa73cd9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6598643571893660394,510754838676372350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14387283530295283449,15336772005691792300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10030208719392820825,8232116366488481113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.0.1555739574\1777187826" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64e9b5c-185c-4d26-bae7-586287f6cea7} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 1944 139511d8e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16114267844514504504,17908525918511292994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4406603887303026838,1169055950860296036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.1.1594945042\2063812015" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {403d7802-3883-424c-9fc4-a2be0ef74439} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 2416 139510fa558 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.2.1961711078\2049298817" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c32b985d-8076-4a63-ab17-1de676e89920} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 3032 13954e06d58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.4.232467981\2144525570" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3516 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e4a59d-8cba-421c-8a38-5f32a6fc2994} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 3644 139558d3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.5.964717366\207357517" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3856 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0abde5d3-798d-4b2d-a3f5-75641d115da8} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 3928 139558d6b58 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.3.564115670\1613692178" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3516 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56e670d9-3cb4-44f0-9829-c65cfbe260ad} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 3152 13954e8dd58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4888 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4040 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1992,i,3517788134178320976,254382332758753450,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1992,i,3517788134178320976,254382332758753450,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1972,i,15572328037368092650,1971796060405680205,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1972,i,15572328037368092650,1971796060405680205,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.6.2003535079\657439751" -childID 5 -isForBrowser -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44bd641c-9ed2-482d-8bb0-b14e47de987e} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 4732 13956a41e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.7.261363543\374411290" -childID 6 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e0f9353-321c-462d-a328-ee69cb44c0e1} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 5560 1395824cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.9.2081791469\1874659061" -childID 8 -isForBrowser -prefsHandle 5948 -prefMapHandle 5944 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7042a571-4719-4e46-9b3e-b31c48322082} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 5868 1395824b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.8.281872215\1562079409" -childID 7 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {229346c7-1f95-46e1-8094-e879be78e7df} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 5684 1395824df58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3980 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x504

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5456 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6176 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.10.1273339247\941126425" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1736 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ea3fdea-0eed-4885-9a2c-b47ce8e4184c} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 1764 13956a3e558 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.11.906235256\1491793583" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6184 -prefMapHandle 5508 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {961236b9-6ed9-4421-a6ab-74060d2446b0} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 6192 13956a40058 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3628.12.361932767\1838049697" -childID 9 -isForBrowser -prefsHandle 6524 -prefMapHandle 6520 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c4b5269-eb73-4662-b637-b2d4b50d5609} 3628 "\\.\pipe\gecko-crash-server-pipe.3628" 6532 13958194458 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13262119545121224686,14198239418049595509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 --field-trial-handle=1912,i,3835834792034248343,10467358685593782705,131072 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2284_KTTJKUDXLRSZHCCS

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d8fec8f7-18e9-4f3e-b0f9-164c446102df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\01c6c0b7-dcb4-43ba-9d0d-3f9c98c9fd37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57827e.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3192_528624080\Shortcuts Menu Icons\Monochrome\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579dd6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a545f39-f62a-464f-8912-0597b739b221\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++www.youtube.com\cache\morgue\202\{4def5282-d3c3-4f39-8d3a-be57584f7eca}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++www.youtube.com\idb\595286561yCt7-%iCt7-%rdedsepco.sqlite

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d9c6.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++www.youtube.com\cache\morgue\104\{3cfae486-d8e3-4001-91c2-46c8e8929268}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e676c9d3-79f2-41a5-9a85-0e17844ecabf\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e676c9d3-79f2-41a5-9a85-0e17844ecabf\index-dir\the-real-index~RFe57edbb.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ffbd.TMP

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
