Malware Analysis Report

2024-11-16 15:52

Sample ID 240206-r6mnxsbcdp
Target cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a
SHA256 cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a

Threat Level: Known bad

The file cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 14:48

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 14:48

Reported

2024-02-06 14:51

Platform

win7-20231129-en

Max time kernel

47s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000326a8d3b5faa69cab4e3599d301ecd5843c503844bc2c824437d451151fd9c15000000000e8000000002000020000000b501fe0f9c8bd2ad0d1de24b3ad87d9d131bd2ca8ae8e3540b2180a5d2a759f290000000bf3f217598c699291fd8f7d9e465c500195444c7db1b3dbd4e8afeccbdacef949282ae2c18f2b4892e98fc192e8d418b0b754949e4a1c7cc018922f43988431cfbf842bcdbb27875f5fdcac3dee15eab0e834738f301e3e23daf899675e799c292d3a239f4d6c8a2d7a5a0cad0668fe45f490062dc9d1acbaa51b77eea034edf85a5204cea541468bcc58ac938755f52400000008e9fd43676eca9a1a9655d4367413da21fae7e4e38656caaaae136926190ad2e66521ddbcbfa2f153bbc976c8cfa4a9a74a1d44a3c41e66b3bb53dea96889629 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB25EE31-C4FE-11EE-9CB1-72CCAFC2F3F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000942a35a86aa62d4e935b21f74900cc2c096562796978e05b712c32aaf8b0397b000000000e8000000002000020000000386e6e252675dfacfd4a1a29b378522b2aba5823dab0df3ba8d33460ee5d9a1220000000cdba1faee8348981bf8c5d4c8b0257c02f92b14cecb9d78869d8cd3e2033648540000000a725adbba9fb93d6f0f5b42976b96af8bceec8a8bd8289be5878b15767ae8a3b88e163865df55b7233cbb6afb77f0b8091cc3fd971ea0d5c87cb724b5b9c5c8d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB238CD1-C4FE-11EE-9CB1-72CCAFC2F3F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2980 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2980 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2352 wrote to memory of 2876 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2352 wrote to memory of 2876 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2352 wrote to memory of 2876 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2352 wrote to memory of 2876 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2368 wrote to memory of 1636 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2732 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2980 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 948 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 948 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 948 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2552 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2552 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2552 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1156 wrote to memory of 336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1156 wrote to memory of 336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1156 wrote to memory of 336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2980 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2896 wrote to memory of 872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6989758,0x7fef6989768,0x7fef6989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6989758,0x7fef6989768,0x7fef6989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6989758,0x7fef6989768,0x7fef6989778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.0.461274024\1559781049" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1148 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e06ab91-5488-402e-9ab7-950d13110b65} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 1288 10ed3458 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1316,i,12681982064567015090,2424161787047998933,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1152,i,10815567673280159048,674580833374269890,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1316,i,12681982064567015090,2424161787047998933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1152,i,10815567673280159048,674580833374269890,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2692 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.1.690015193\1489791660" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6964360f-20e6-4af6-8503-f7e1ace01b3c} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 1500 e72558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.2.1158307600\255488482" -childID 1 -isForBrowser -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00b9080d-85a5-45d0-bf6f-64a592cdbb00} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 2232 e64458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2616 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.3.239311746\1007689063" -childID 2 -isForBrowser -prefsHandle 896 -prefMapHandle 2260 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44b356cb-d9f2-4a7e-b306-dd4bb00491a2} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 560 e61358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1988 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3080 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.6.551392829\1689721008" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57d8478c-0e54-417a-b13f-d186eb44eb6c} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 3992 1f14d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.5.881893438\1467235486" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc2c4a9f-96f7-4aeb-940a-9994252440db} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 3824 20710c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.4.817603471\357645916" -childID 3 -isForBrowser -prefsHandle 3740 -prefMapHandle 2060 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab63b9e-1db0-435f-a55b-1d59e6e8a047} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 2460 2070f458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.7.1642858264\1349299356" -childID 6 -isForBrowser -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c75c13b0-c872-41df-963c-e81671c21776} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 3868 1f1fbc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.8.2022571851\643823480" -childID 7 -isForBrowser -prefsHandle 4288 -prefMapHandle 4292 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20e101b2-77cd-496c-ab8e-330cb39da5da} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 4332 230b0a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2780 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1372,i,11389958025818865981,5539970754566638391,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.9.675004676\1645669588" -parentBuildID 20221007134813 -prefsHandle 4044 -prefMapHandle 4608 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a542c5-1cbc-4bd4-a0c4-bf48691396c8} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 4516 22d70d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.10.1301891840\1338277470" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4744 -prefMapHandle 4044 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1bac13e-fc20-4f62-baac-c803edf346fc} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 4756 e5f258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1256.11.707518311\227735480" -childID 8 -isForBrowser -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48ca52b1-c156-4680-bb4b-9599c276d3e5} 1256 "\\.\pipe\gecko-crash-server-pipe.1256" 4936 1e211e58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
BE 179.60.195.36:443 www.facebook.com tcp
BE 179.60.195.36:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.36:443 facebook.com tcp
BE 179.60.195.36:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
BE 179.60.195.36:443 fbsbx.com tcp
BE 179.60.195.36:443 fbsbx.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 92.123.128.170:80 www.bing.com tcp
GB 92.123.128.170:80 www.bing.com tcp
GB 92.123.128.192:80 www.bing.com tcp
GB 92.123.128.192:80 www.bing.com tcp
GB 92.123.128.183:80 www.bing.com tcp
GB 92.123.128.183:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 52.11.7.173:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
BE 179.60.195.36:443 fbsbx.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.238:443 www.youtube.com tcp
BE 179.60.195.36:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
BE 179.60.195.36:443 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 facebook.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
BE 179.60.195.12:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
BE 179.60.195.12:443 scontent.xx.fbcdn.net tcp
BE 179.60.195.36:443 facebook.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
BE 179.60.195.36:443 facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
BE 179.60.195.12:443 static.xx.fbcdn.net udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 www.facebook.com udp
BE 179.60.195.36:443 www.facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
BE 179.60.195.12:443 static.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com udp
BE 179.60.195.36:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:50286 tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:50373 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
GB 142.250.187.238:443 youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp

Files

memory/2980-0-0x00000000007B0000-0x00000000007B1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB238CD1-C4FE-11EE-9CB1-72CCAFC2F3F6}.dat

MD5 44f8e621c2d2a68155415274e9d390f8
SHA1 9789bfcbc3512e2b641fb7718ebff6402c622b6d
SHA256 3cc2a3c9301886bcc0ca49e84b822849d949df6a31ac9b72035dbb4e6a792a74
SHA512 85665eb37c85746e21331a64baa9009b0b9299de41598858fd08b613091d1a09d9e49ea2d31f97f1f3df52c3526ec26ff95b9e7a21251ee96bcf03035519e3ad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB25EE31-C4FE-11EE-9CB1-72CCAFC2F3F6}.dat

MD5 96030fbe6af770d9ec8f233c28640a65
SHA1 9694dbe7d4b566ebcb8649e017572071a72303b2
SHA256 735e55fb01b2022e4f1bde01ef18b68de1d9f68b65204bc30efc064fad08a77e
SHA512 cb00751d9a052f6271746fd70ac37fda74aebbacecb7698ce4c8d1f71fbb04ed7b718a862000b45c381cbb851f43fe11ac9ba15e336dd951d0c1649d651e14ba

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB261541-C4FE-11EE-9CB1-72CCAFC2F3F6}.dat

MD5 f493a390458e4c27c755d3c70fad62b4
SHA1 a56119dad1c696691ed476285191cc399b18bc0f
SHA256 350154133b88db3b4d5289c39673a1cb70ca90397c9496f75aaa8b11a82e44cd
SHA512 2e3419a246b91ae280400ef982e46ba80d862b75d2f8a018575025eb63dbb61a9a454f8b40b9ce0dd40bfa190b4ca3377456a3b9aa646adb9dc78b4222d3f8e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 59f7cd548696ea4ac63434864ff5581a
SHA1 05552de139ef246f2e285b92107087e3ee63b3c9
SHA256 817a43cd70a9f90c67f6694f2b57771e1e3cf3104d73205c59b9ccbe5021c753
SHA512 9909666b959f3823d6717333b8b2287bf3c3d6fe9ea733488dae19b6dc659a5782bbaa3d8718936c596e01a24aced31c8d6eb9c59ff7685e99dab831411ae7db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 4e9c7e5c50a497738b4a3c6d611522ee
SHA1 42dad700e81d3525f7e6cfb5ccc61aa0f0afca95
SHA256 720f81c135d1f2e291b92010eaef2583a297e2617acab12a9215b8c93730d46e
SHA512 4c57e1c59c11d5ab8f02c9eea35cb181f377f70c369031699fdd178680d60fbc99656a8d4de71d0d61ee2b841a5722ab17ca148b96b7281721ae26103f09effb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc31a49b70b655ecb0f3acae58fada9a
SHA1 3068a9ae9a30a4c48852183d43049392ab6c5dc6
SHA256 c2e97f4b85dd67dd0fe79f6aa79cc5c0612d11f69c6252e1a1ae0d925974c1a4
SHA512 02d800918c2b69e8e9c659d0678151b2680ee11f1565e4b2207ae60329e3cec7186546c3aa69d949348e8876e5cf92691f929f42f6171b44d2b60202bdbeebc0

C:\Users\Admin\AppData\Local\Temp\Tar1354.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c6cfcb31ee57b01dfb014220bebe407
SHA1 356264f00a3158b619d0b081e24b3dded05bbf2f
SHA256 b7d5da67336f536781ed941e997a9c50ac9afe56b169ff2f55eb452d9f3440b1
SHA512 4492e319566382fbe5d11dae103bce01cc2bfec5301232bb8144bce38e448ed4325e77f25243a38a1ebbcf7e9a70347ebe137f3e4d5cb08cb44d968f515c0511

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 748fce267ed84f9e991f84676d418f7d
SHA1 c2702ef7c0cce2a7f03c7f34a2213c943f9699b5
SHA256 1b6789248ae0fb7d1f21fe2e7ef8ae53f6658ae418fdf08f5b4167d465b29e7f
SHA512 0af93825d948bd5479c8a9428ef045717b6b7631a4a00e80482770632393a685a9f49fdbbdfffc8fe4f1ca43ac8b31c5dd7040cfd0db19edf59094abdb039b1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 783687516d69b242829b5c1d95282315
SHA1 79ce725d5e2ce060e673ffaff6c95ef43c7cf184
SHA256 c0189be4a8948228cff86d18bf168d0211cb7f5a8adb1beb50f4afd70f813044
SHA512 567ad48465834e1f8f98c5d18accdc47d57c5729b2a25d8d1843419acffd914460863d20832df177914f7c3828dd6e2644cc0450aa7273270d6257964ecd33fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfdb0c00b8b9383f6b34cabb7f89de24
SHA1 f03b9f5d977c826287ea6898c155dbbc452e6fa7
SHA256 a0e051df02343d1be0c63e056c92fdbb1a599ed24433f96d96b718ef11563284
SHA512 edb99d7d751b52b86b63c07094fdbef57315da6472887435825733c96f58efbe22576c675de0c8528ec0604adc341182f07df60e4c56f78932f252dd0c970d64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4dbe398d03dfa3ee4bba429c48318b7
SHA1 60010169a1229208bab014af28d4fda5d71f7f46
SHA256 f90c33b13a3e56816d6e0d4169e94bfd8ded7b705a76884a98d99062ec8298bb
SHA512 70582219d7dad229f026b9b2d0ad40ed4917bc15909d2e4631331e0fdbe2b6a9aa198fa451175e8e61512d41fbd45bef89a84ecbd34a51ad8b2f5dcc47b80cac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45441e2703bd716af8a3be1d86817368
SHA1 c9680df90c6a60c021fbc5290f8a4f962d43dbd0
SHA256 eaff208540fa53ce10dbb68a6d9ed87ea6153defbaa9fc7f385de2e17b373495
SHA512 f8a2eb97033541687250b0c89531b00ab742ae731db5889e8f36ea06a694784785471fbf4e49962e4c63793155ff3bdbff9d8691c0caa2d7fa6190b8f350bb01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3b75edbfba5144d877718401adfc0c01
SHA1 6fd743f7622e720980bda5b75ff82b17345570ef
SHA256 f6b2a54d9bd6a78536a4523b2a53455c23f606c33a2b449ebc213f98ce5e6482
SHA512 63cad02cee5b78d94103534e57a5f16b03edbab2da4661992765f805268e0aef067df8e1f3b36e95158dc8c3527d704e6c24921c47d8c7add731ac7e0fc6ae29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 83ea80832beba093521d7a0bf2e55028
SHA1 8d725987223f6c43c455dee16bfc727aaf8a8d93
SHA256 439a3ba4c15d9b26437bc96f37edad0426a8bb83a83d8ebf6fd82412fffb239f
SHA512 b3ebb67859b64926d9fddb4015cb1a455edab446fa21c7f52b8880d2ec1bd7e6aaec92273ec4d9013a4ccb797fbd24dded3bde960cad99d46555d97f3da1b256

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cca7fcfe05daf839b5ad349fa4744d40
SHA1 cd1089247120714439aba3af6a38779ca678a5f5
SHA256 7f3f56c204c8ce5b42316f36c1ded8878011de702ac417acf9865c5b75839eb0
SHA512 88ca39f7f35688e0bb47a5f036a88e32eaf3db78fae5239ba7101fadcaf5a1c777635b4af9ce7cfa0653d74bfdbb31865c953dc80333ea9ce0cc62c32767bd47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e66d7183df3938b209e7297f19d600c1
SHA1 194a3d6f938b55689036096e807e20b852089a9b
SHA256 f4859ed26ce1c146df0c5196c3b509c2b58e3e0e39ec71be3d4457b1074b95fe
SHA512 b770c827f2de52abc5ed2149c13754a775ee34372f6019884a1ceddaf356b8db6ad3efd6850e7d32acfdb4b426d7b9c3bbde85a1d46c6b58d37024d983f52049

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 bb38aa338a19b2cbd8d7e20dc3c1115f
SHA1 b90a5149a22b8f61ed6a062b42c97baba8a5139d
SHA256 6503b682c46dd178ac294beed6376840bbe302a1a00b45c57e796aaf4d47a9c0
SHA512 c102c7122c69fec0df59de482fda759a1ca3c4262337e5a265d2fc974e2124454900ae7d18b0017bf2029dab1c24b038706976ac5c10bec8ce86928e04f12e4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b947526f6d479317dd6063fed25bee87
SHA1 3ed8f50bee6785e22efdd948470db71221cbb4e3
SHA256 1ca9d03e77a776c7aa2bf0d648951fec16f613797d3b81a9ec767f136719eee3
SHA512 89e7d9f07e96a808f3f77dcc1ee5501f1711310b327ff800210c3f15c947742f2bfb15eed41fcecda9d68f50ef2bd64fae3b5f8e723bbd273a001514ddb3805d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 710f09007cb7695ba8fb3470f740c3af
SHA1 07139bb83ec158fd1ad8b0c87db243178573d3cb
SHA256 f0a31cf099907a28089a32b7c05c3da040b5479e3f5d860ea443244fe40299f9
SHA512 f9ef80ba219384c2bf43caaa1d5d1230613d74e3816da400cacadfb10ad325a4b7b64f720684777f793522e7af1e7ca383fc57c7b8b6fb6fc0f930d2415be3c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 85aba89c53bb7c2a4f540128473bc3b1
SHA1 493feea8df0a909b5b0e0cdc04c86b193fc76f27
SHA256 98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1
SHA512 08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ca0d936a4c24caeb85f61a5490670df2
SHA1 093370049963249edd203eeb2582c6c7bfedd282
SHA256 66c5e13fa5ec011a7544301df60bcdd7264d0498e8ccbea04a587418b21bfd4f
SHA512 e6c113b88a84e7c19c9e278f9d83d944b13b93c569cf250d5811b7a953951d851246573ef45d652aa67b0ea4331b4fa66431359c72b37c6906f5b34e9fe8c945

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 001af9a08c10655e306345507e9ef572
SHA1 7401eb80482f217da9bd5734bd79b47c0e7cf9ce
SHA256 bb97064c64320d3777571cc36b83f6b24aa7f6513441c41c0b2929dc93b13acf
SHA512 e12e661a4ea4282c2e11cdbc4990ed47f525cb17827b5bcfe3318630c46743a2fad56e25911ca4bf5ad68d6e2f0df93ab84da81685567d1108e00b0a66cea58b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d47de990e3acf682f14b1bb36e483c8b
SHA1 655413a42c11804269cbf6ce6f6afddf20d044e4
SHA256 31215523ee50ef7e55435426b69a66bb5520dc25be87cb33310684d22d3b35f3
SHA512 62fc3cd3bcbf060d90474a6f51c2ec7d5fc45d7992b1190e1735b1a1e49a2e8b4dd905e55685b8fcbb988597f831239b35b356458d08c1583d241df8019297c0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMPSXN6Z\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 eb47c1f6752b2a391bf24128764f20ce
SHA1 7158251b0af5abfcacedfe843779338cb8354827
SHA256 ddb7707be378ee99579536da0a402c98d475b75175dea8ae8964e4b621d368da
SHA512 2ff74d723d1c55974be76d4c0993321942ff1cc5ab33fe55a1d0357cf9d7d50170e5be688d9de0f0923a3b1c9cd7d22c6254cfa8ec8c0a9c268d2cd363ffbfaf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X4EHC11O.txt

MD5 ff95995ceb122cd09c68b2f9b85f9d60
SHA1 b3f3d91e09956d7571a2e707fda904e060f85d58
SHA256 fbf2189db6862a5ed9d944e137c74bee3e0f696ecca0fe8fc31c792b47140cda
SHA512 8858f2179646bf113426949a198c97848761145ff437851a93b56862cd1b84ec205851e04e16b8c639eabf85418ed7acf2aa1adcf82eaf0e0ca044cb22513477

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91ORNHM6\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7d10d6a2d05142b2f7de42728ab93a9d
SHA1 dd26f063d2bf4688cd996ea46ec9c79f9702483a
SHA256 a06c2f6ee0ae9af14551ac19e95835bf20b775d835b558529eb5979d474f0919
SHA512 74738a2f5fea62431113b09022d031000ee1ee3fd15d0c02dcce313c1f67d7c9176d13a715653d1fd23ed10c8c8fbdeccfe09bdd17511e3f92e218ba151e9139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 c78622f7e2a0476415719e90a79f60d8
SHA1 80b361a48276a963779fc76e1cdd215d95cc79c6
SHA256 03103aad4c38be9a55cc0b0575c955bc1854ffcc5ca806121a38f5c9019a21d6
SHA512 d1c7602f5bc60a06c1261a17f88d8ad156bddc34f1fd940369cd224bcd9a37a0ae6b5717235cd96bf4f54a20a3b5ecef4922e04381dd633571977a3f49902e06

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 09c7b6e5b084a294d9d0054d8ec524b5
SHA1 4eeb5dbd0b1e103a72c4a424d6ed1ed016f2f5bb
SHA256 01fd3f1cdac753dea99dcbf25177e8b5ced4ccee5daeb73651fb976fc0159a13
SHA512 c4e33af7a8b4dde257bd0f34826ffc44d8df76697829284812db37e745fd92b3df09d2e11e5ef2d83efe67f9f7e0d8fb2435b92ffbd56b262f88ac220efb3481

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMPSXN6Z\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 a6da94c962a0c35cd314802bb160a493
SHA1 b59d84521897d03b9fe1d6294009b8da1b837d3c
SHA256 07b5bc772bad2146baf9bfa995455d0a21d89f7844f57d2c9c3378ad73753dd0
SHA512 0af0977cf42781ad18a9ed7ab9c227e789bfbc79efb8166778a8a48c09bd5fba116b8def122daaab6c86fe42ebb3d037a6577ce0a059a0a637301a55bb7cc6c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 697afbe01dccce597df2314bc58c7532
SHA1 e3da298f6ee906c7ed58defb05f675728ec105de
SHA256 ad678e20eb422978ef179d150c68cb4b1183389e7eb74ae20953ded9c85c8e0f
SHA512 79ca52d7322190d589fbd236fcb30416d448654de147572b78d18af8bc86ea8c017a023299bf08ea5240d0df36228212eb3d62d4dfbded0f35a930c1abb2d65b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50d960e9f152704be11ae51e7071d048
SHA1 77a37c2d42e2562b4c08895e3dfe5b36b827fc85
SHA256 076517c6267773c8f004122ab4a3fe5e08662155192c92e9997ec94f4477f181
SHA512 84386c4f222e48fd71e67fc043c667b1787de3c0b271018ad4a779875d1b76c28600607d5c8e468a0be9901953dbacc9ae86c67626c845fe16ab4805da2ed794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d93aac9261ac3a6d8e8d7185bf329ba9
SHA1 7f3eb408f247ae47ba24d7cccb0c648047ad9b4e
SHA256 2fd88be049db628508e3f770555076e2502abfb76e0547d47d60ee8a84c7113e
SHA512 56d16f2aef4026d1b9122687dab260b48c8dfe76b76fbc2e7ed50d910ec3965a62b592c100e1470cefea1ccebf42560fa81c7b1854f752014b8edc24804ae859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0abccd586eb1e24da41d7ed055c076e1
SHA1 4d408ec70964c28f072f52cb1c4ecc594fd8ae49
SHA256 8a5d0a5c860983de031fc843c5c3f8c2881943b06814d88a3e6e4c8e46075923
SHA512 82d048a65d282e17109be22f11b1ba94ce9f4d5a844ed3ed65d5b0048e432fcf765e01e86aacf47401f99ac034ef76db58362cc111f166a60f7cc8e6285595e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f4e9d98a1e8decb471936ebe16b194e
SHA1 b9815534c3c7015461fda5c9af5602bfb04bdf8e
SHA256 39f445c7e045178cb1838a6031066a39cfc26008fe81461e6f7dab9e677c0ea3
SHA512 c2dbf5893510569b114808c1b31ea685ec3b0e75a08325f7c560b45ba9bafbdd30c1841f5c498705256e468a64172a9c2774eac32084b7a1d4f1efb06960650f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f27bdfc832a9fe394a3c0f2f6a06df07
SHA1 35eef16783a1d2d6e9dc9bbab1c52661358e259b
SHA256 362d732d7d5a00c5a3e1371ab09c1cd2ee4e57226fda19b90fe2c2f5102101c2
SHA512 4ccf316b02c795bdda768d089912584a5bcc9df616734ed969642ba2f3f4fec16d4419452f30c80352a90cf94aa11bffb69487006d3308709c92ade489b3e06c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1f557a3f138fca90e2eef8702fa59b35
SHA1 4a6a41d872c8dba7b7fc7f90788e010400eaa0dc
SHA256 229de47078c8adfce9407b696da61324b8132c52482b7a73180005f2feb5ca36
SHA512 7f0b0cf2d51de84ec9c2b9df5d9a7ffcc80510433c4ddee3f14bc0f6c474bb8acd58d84bb86320d0c7f8553de2423b7a748a5ba6d01152b95e667a6f5e80d6d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 097323c3b8e2eb4b62b5664f125952bd
SHA1 4265a73a9feb02974b0f66fcefab8ea9ebb7f060
SHA256 892c46e7e34a65626c1a0f6830553db69e9e1de39d1fe7550b2ec82f4c12a01f
SHA512 c6c4f09c59128caf037c3c4b1556c53f2ed7f010387783749bdd3d542af9e0955e489394c8cf8d813f4ec7d6d98a008e2937de5c7255f410889f92cc6218a6f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb75f8bd713018b3a305405ec9ed9023
SHA1 6efea7c35a048675042265428f65e230649fa1c2
SHA256 a9e1566fe2e97abfb3f1a799c98f5534aea9c2d09f7057feafc8662750566586
SHA512 83105089eebbfd6a6a7ec5c1ffb35ff1f171642ad2d5d2b6068c7d20f5c25e22e5a1185147e23e0864118e27e1d1ca37deb8e725b811c1043fc72fd2f8772265

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6243cb71a3e5a7092ee40e2eef7cb894
SHA1 b77c16f7f0af1fbddd8857d20e16c690a4c76c94
SHA256 937cc154e40e98018ece504783f93972cc3bb42ae304a0f56db65584815ab325
SHA512 8de1577ca3a3fbaf7d297f3fd5de8d5a7278628937f8ccd787710e323418d1d7be8d463a4a8b440ae3959619c1d54edbcabea0e30240dd73fefa913763f3a08d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOEUWNCS\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2980-1012-0x00000000007B0000-0x00000000007B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fd594fb3d522c7a9f8c0fb3a5681ce2d
SHA1 49754d03b252e227e501037d3aafc0833dc55b2c
SHA256 606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3
SHA512 8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1156_VSBWPIROKJYIKXDW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ddb10442-acc3-4dcf-a39a-ea9ab1229781.tmp

MD5 ea9516e6ff92dd74261fb219e889c316
SHA1 9eb499fae6f34b028f6bd629477f281ad3171f7f
SHA256 eccadfaa2e9ed325da4699bf27c210feae9503f72c270fded6e991370b2b4f25
SHA512 bc444bebee6a603eb52b4fc486e1d2410d6a406d1dbf3388a290c887d1c20af63f94e4ad2f35d850c45c0eec3d3abef08be3f692b679cebed59b536e0125bd09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f3e8b016-d0fe-46e7-b25c-a70ec91d9407.tmp

MD5 1bfe73bf2eac80b30f4b9b531b2971bc
SHA1 fd882ac4bc0e41639fb40f3d9c9820fe49ea21de
SHA256 604a13df8226d1f01ae29b52be4b60724995d8431458211c2e9fd7780e16bb8e
SHA512 3b755d17b30bea9c03240c39b44d25bca710cf9523d814389934b305ce19587932ebe35cfd116896fff8745b2d4fe4fe12790a7aec04a1212ba0f4cf43a8a82f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\1cc0e89e-5299-4c7b-8899-1381321c3297

MD5 140fc00549577dbf3a9525eb1ec995e6
SHA1 06f6be18de4cf08813fd60a89e7556c8438fad1a
SHA256 7753656fcf7d900ae22617b2b2bd8b838433fe7c2a8076c081dc56cd91b80776
SHA512 bdadca39aa5b1ff1b21721d41c965fa439b2dd72ed81ed037449b1695787f29659f0fdfe78da6d6cdb1e99c47c32776e54bf9fda5c11ab5d75e2e83e86692aa8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\00ab2a58-f561-4726-97b4-db24977d5223

MD5 1f10575f1d97dc79b93097a65d30a9a6
SHA1 5d59d8b3910341f8a1c3549d4a4af34a884e6080
SHA256 e16d462122981ab08108e7fc4fdedca3ad0e6015ce0257e112e20f59a04d8a12
SHA512 e6d67d7b30273a922aaac8e9b0c7e84334e5ac16bc95dade65ad247285ff9a56bfaad0308686f3c891c6fdb59e1e10d3b233f484b0accf419a1fb296157d4e12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

MD5 3ed580b22daa13df79aa912c44e04176
SHA1 aa0faf1aa01b0dbd6486e1148d28cc291d22934e
SHA256 6d3b4b8ca015103f47fa426e3892c885726a84db6d673c831d457fcc0a04f87b
SHA512 13c9e6623ca2eb57e3c724b00fec0c42b6a03d82bf393a0b839004db830c4d559df4135dcfed7fec5727217f6edc349ebb21feb90b462cb21ee3d5e5862424e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 54450494e14c2b179f043ac08a8f3c25
SHA1 76d471fdcd693b94039cca28ee8f3b70ca48fe18
SHA256 9ebcb04d8ce332c7764ebb8222258c38ff99d97b2a105d8533fa5f340fde2987
SHA512 8574e62dbf2e7246f243ec4245def33a3fe76dbf1277096f1c2f287d12db2586f8509ba07d869b0b458f5f920e0a130538123fbcbc26d24a7df815577dc60df4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 017daa2af8dd0e81cec5faffcdd8a15d
SHA1 26f402d2455107ebbcc42b5be60f1552f32e598c
SHA256 6245200e4f67ea1df3555f34493f84b62a4f4d120d37a79d69f787ead0693909
SHA512 c2c3ef4c0d0b47c79832f59bf394ac0ba7221442c264d03f597d50a7ebcaac94a997a4049e2a09ebb8f4419d82e929b0653d344141d51b8436bd6dcd3c489db1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c9202ddb15ae87ff9e27ca96680cd182
SHA1 5e6aaa6e9c684ff1014c5e305606bc90fe7c1cbe
SHA256 aa4d5a0a5a7e6595f0c10e13ec2fa927c9953b3fec96833906e9c1ee5acbc1e3
SHA512 8cd6d825e70a674d77151642ca7eb63b5fb8f73b47418adb8ac2e40c26e357275cb3446db20b9fc2b3e17d89de5f106dae7a9df54d701d681bb8dbbf2e95a9f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769695.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\170\{267f6225-eb59-4336-a4c6-3ffe2ff679aa}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1ffbc20188f930239a3566d5967a003d
SHA1 364a2e66cabb540de1906e63e34ffea4e97750cb
SHA256 2ef41625a2fe8ca01ae2a0b2471e3c6037c9ac86422a09fb074d5ec082e1f326
SHA512 9f4f083f97302f4796aa92ec93b666eb98be8d8e7ce9b20b35cef22a4ed4ee1001b0a5cbf775f26acd4ef40dc47aa07a149ecba7a269fc0600b9dda06a1cb97c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\idb\2656778305yCt7-%iCt7-%r6e2s0p4o.sqlite

MD5 df2c6848dcd5b672c5a54332db059431
SHA1 22dc6fc35daab70501391549e1d5fc5dcced7fd1
SHA256 1b051eb7a2b5f7f7301dc6f283193b03d93d808a6e6bc8a56b783b37a8197ec6
SHA512 60e9cc97ffb8e837f243d1862ecb533ff2d9932526bbb72142970aa0c6271320a9a0d5f1180576e64ae98ac6fef48096d20c79eb73d97af496f26b581fcf5df5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 79d1f7a020f6979165b10714d817e331
SHA1 e49d19c25726ee4aa2f1b8fceb9712a3b96f3bff
SHA256 c3349bbab26e44f9975af8bbcfd3177480a7b7367e67b1f41a5b574b9259143c
SHA512 0f68fb4067e91b097c93be5c8d34206fbc3ff83b2738c51ddefbda95711e126822d7d9b7971e2020bb2ea13bd4de195ffd97af682bc1b49977dc1a8cfc15f5f1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 3bd783a93f68c607b8f754ba21abf27f
SHA1 9552d5a6f4afa482c5d72a50ab17c1d5c99145de
SHA256 8b0d41c8b81c5c608871587ee2b09124091f5a7abe66b515f483e505ae8d9e23
SHA512 0f4ea9a0f410a7b547c24cb00f3abc8fc5feda3ac778019ef1f0d0190e75c38029c54a7fbedd46809f846ef57e9b3fd019ce68189de0612f7b06fb36ab2e1a7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 d90dea8838fa9da466786634c22826dc
SHA1 e089d07a7a3e61f7b62a2c1036482c1097c42dd0
SHA256 0d2daafde59f5b4be43a464823d4f15f33497f97a81a2617b0f071519e31ca17
SHA512 d3cd55b2c8a7fa6d9f1205f0df1b179d67464524ee193baf29ec0484eb9cd752761d63ec06d2ba459f9d16b39ac3c16cb7a8f8c8acd55cbf67a90ff82959959c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fa31e8b51f30e0c6c6866e4b08282d8
SHA1 81df739f9e8b852ac9aca8a9da3e993360281664
SHA256 a8cd7f7d00eccebb985a9110819cc031a78048abc03fc19382efa6b125b6657a
SHA512 f9e123ad7ea93410c364b0aa88e1ade5f78b0c232bc17d76545f2092dcd00d119b580b4f9b1462cf4d6c82402cd053b968dbcf6180e7d14042ae55996a93bac7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5da7c156cdb0dc1d5f1e62e03a48451d
SHA1 77ab47c4771c32e6367dab2e0f5706edcb0faa9b
SHA256 c6edec77798c19c53e8a10e4a7a321d8951a1fbc8110fb004d06ee3a756329c3
SHA512 8f3dbd92dbad8e7aa26bf344798e4ac3bd7d9dee1e1aa6c963fbe0e07e079180a27ccfd652a3a9e262ccf94f58f8f9ad1534daabf7e9dee6e27ec70591ce06ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74850a04cbe68978499075f773c0d15e
SHA1 4561efd4e2be0245d4ffb0ee82fb437ecdd8a552
SHA256 9f7c13bfd0564b3fe7ad876252a0430771a665c9c46964e3902c6b78060d9290
SHA512 d5227dc2ebd505c306d4223657b0ad012cd28e5a3e008c2e65d3bbdbccfbaa113c552ed2b913b86ac18fe2883ec5577ff35b1629802a220eab257d258b88d7ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 175b9f49b9b903a79e937da1ce643bb1
SHA1 361a19eabf428b65650083bbe5f660a90447ff74
SHA256 c38e078b790c287a63255f1c68f3ab27f326e80e5d0b2abf0aab10a918fefc9c
SHA512 824c8b15b8c39d4fb5a33790d4d03dd631936183b62adeef66e0ff47b28dc87f55727a8396ce2d0ddeda8df992e51a684ee1206ef0e35759d926d8f60256b87e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771e1afaa59642bae06005c68c35fa3f
SHA1 c0b248913537b06db9a9ac1cca4135de85f7ffc6
SHA256 7f605aa367fed157783bcbb6f45eec9516722e082202ec7bca4fd7a271a0558c
SHA512 073d87a884d76cbe7363cc9f37aeb80746c1c3b7d7b2ae67ec423e62b8a369dbd53e5cb7057d378d7d2585c8781f9b4c568b903a47003e8dca68655e7737535d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 317973bfb49712b3bafe58946060fd75
SHA1 62729a184554cc160de2dd5d9ff8e0ab4dcd3b6d
SHA256 ca050545d7b3999d34f0675187fe7d42a4513ee450c34af169ba0e72933fd2e1
SHA512 018cf5417c395a538fd5c9faa3cf8ef3541fc7470203bd86eaa9929e3c7ebb596023cc3478d327394f694c83bb00413dad93f87e3c460b7dfe9221cdb3ea8ee9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75663a2e2fafb8142b6bb3007351a2c3
SHA1 6e9942809a826547d849a2212aa4d388d1f6d7d5
SHA256 75322b33724b9f242bfddb5be26fb05d9627b9fbe6dbe6920b2bd3e73bf05598
SHA512 de8f45d4cde6555090354701065c6a080475be4f8cc85760aff246b02341fde98b19fd82a395a1e91ca5954ea7b670f34b734bfa41f7fab90336d6bdbfe90885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b94a7e71f522db1e541cd4c28bfcbfba
SHA1 9833d9da2d6a13f1eb049a76e7bb3c105214ed2b
SHA256 ceae1ad38ee3da842add8b9729f2ba8badbdbecc67614bf5660921dd2e9e8470
SHA512 2918fb651773b83b796366384449388bf7803d3cb3e8aae30ed655ba4d83ebceb657793a3b8da34b0a2d23ad708531afbf4d1e68056c23f97bbefc4c3f6420e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8282e0ca-1915-4097-9909-d191359ed31b.tmp

MD5 acbd6af5be4b9f13a920d79f107abf9f
SHA1 8e3cdfca9c99aafe7dc15fb1f4dd80b287fb3376
SHA256 4bdd7adc42e7bb89e6953f27d0e9933e22651d779a36ba399886687deada7d84
SHA512 e92c05e4d26e5d477ea4973e3151f52aa2f9340b5baa8a2b0d22f9c43f0bb16e836d6a5e5a7f08c3bbc0a2f21ea7b3bc8e9f4da6b07372e648646221e409cf2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a051bcb4841be5808bef0098c7017722
SHA1 e1ab92a9d75c315fa652702681d069b32974eada
SHA256 9da156d49e1910a1fd73babbf02fcd02142560528b55eb09dbd7e2fa3ba6d786
SHA512 73f58c646d2de625f7c271f46d82f4bc4fa71def3bf53a087294bc7b66899f47d118d8ffdf78b1653ada1bf6e103a36ecf765e906d6386d6a22ed7850c5584d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dca9cf1a947fb78687926bdfa19141f2
SHA1 ccacd2ca910bb697af304a59ff1b0fe0c5ee8360
SHA256 582b13767da6e6ef03aaea6615016fec07d0a182937c1cc934507b3c0d57769d
SHA512 d900968813ed3af1129aa64996020eb69e78d500f24ec1168c6c092a12ac40b82ef3c045c2c22467ac1eb07c1ff6cac323a070b3c3cde4874cd38dacd6aba5bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 14622c60445cae6c1d618bc7be9702c3
SHA1 f6d36d30a2782febcd967c851b9ab4518618e5cf
SHA256 e54810674b50db2b7cb26c4370b70ca2f7117bb4e6afd5c5d13c7c5bf2237eaf
SHA512 132ab1b970411e616c092feb2b4eb0e6a1b2da2efc246c2cd15133142be6d950407b245ab6398fb332ab83ca7233dde46636d82538a6414e27b34e4bcc55d533

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 14:48

Reported

2024-02-06 14:51

Platform

win10v2004-20231222-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\WaaSMedicAgent.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\System32\WaaSMedicAgent.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Windows\System32\WaaSMedicAgent.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Windows\System32\WaaSMedicAgent.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\System32\WaaSMedicAgent.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{92A12786-FB9D-4418-AD09-5774F2E7E951} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3876 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4016 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4344 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4344 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2424 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2280 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2280 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3876 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4596 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4596 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3876 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3876 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4116 wrote to memory of 2336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3876 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3876 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 1020 wrote to memory of 3692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\WaaSMedicAgent.exe
PID 940 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 940 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x8,0x108,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff090546f8,0x7fff09054708,0x7fff09054718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff08b59758,0x7fff08b59768,0x7fff08b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff08b59758,0x7fff08b59768,0x7fff08b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff08b59758,0x7fff08b59768,0x7fff08b59778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,216632816830595555,10656573962715028898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,216632816830595555,10656573962715028898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8429104718262212337,3868547930423805556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.1682607714\1380456693" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51ab3393-4a4b-48ef-8268-971d1281f865} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1952 1a3750d5e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14956977142217498720,5043823272406261869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,13625814084171813311,15763910981001560405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13625814084171813311,15763910981001560405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.826574304\364688790" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a10aaae-5949-4cc4-acdb-763c1192c1df} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2404 1a374ffd558 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13763700405862518797,2216428167169822494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1432425394\1083238606" -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4374f90-adba-4143-b8ea-e5d60277d71f} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3216 1a3790bcc58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1952 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1920,i,1322663398352989579,2831192824881762209,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1920,i,1322663398352989579,2831192824881762209,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1992,i,4372656013436951831,12020679066338282225,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1992,i,4372656013436951831,12020679066338282225,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3788 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4880 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.513210072\288954670" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3028 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3d399a4-ee93-4e15-9143-a4ebc27196d7} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3600 1a3788eac58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.434969989\223863388" -childID 3 -isForBrowser -prefsHandle 4280 -prefMapHandle 4276 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac1e626c-069a-4966-ad72-3e3a28433fdf} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4288 1a378c31858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.943979755\372043138" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78ab99bf-a8a0-4d7e-a898-bff0888e83b2} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4748 1a37ac81258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.1712560845\1895778744" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ce1132e-6bd8-4fdf-a405-a63511ed5c86} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5256 1a37b704d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.1825834453\1588965775" -childID 6 -isForBrowser -prefsHandle 5608 -prefMapHandle 5544 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43052f6b-46de-4408-aee7-0abda1243729} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5612 1a37cb8b858 tab

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe 82c8bfc9d9758f787162fc1ba6144d59 Xckvrb4BTEWb6IICx2OVjQ.0.1.0.0.0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.1645813333\2079099350" -parentBuildID 20221007134813 -prefsHandle 5936 -prefMapHandle 5928 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d359eb9-4ae1-427f-bd54-ba742b856515} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5968 1a37aac2c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.895514917\1144674943" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6016 -prefMapHandle 5728 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ecc4a19-1163-4fe7-a119-7a958bbb748d} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6024 1a37a784258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.368984192\1170868980" -childID 7 -isForBrowser -prefsHandle 6240 -prefMapHandle 6236 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03a836b8-13cc-4575-bf8e-2b54330b5a8e} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6252 1a37c327e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5300 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec 0x408

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.13.1320717481\1782685073" -childID 10 -isForBrowser -prefsHandle 6016 -prefMapHandle 6584 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44d4afa1-ff88-4b89-be78-4593d2d5657c} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5468 1a37554a058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.12.2049997857\1940640013" -childID 9 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {672d4eb1-6d27-4999-b6ae-622176af0902} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5176 1a375547258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.11.1980231340\1081207087" -childID 8 -isForBrowser -prefsHandle 2936 -prefMapHandle 6236 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57995ae4-f3c8-4dc9-b0ae-0f6556e06a2b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2960 1a368872b58 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12306255018408736490,5754238671611496768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=2144,i,6703751202066031367,17763878844956813746,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.195.35:443 www.facebook.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.195.240.157.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 1.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 157.240.195.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 142.250.200.54:443 i.ytimg.com tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.195.60.179.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
FR 185.60.219.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.219.60.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
FR 185.60.219.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 www.youtube.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 facebook.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 facebook.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
BE 179.60.195.12:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
BE 179.60.195.12:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
BE 179.60.195.12:443 scontent.xx.fbcdn.net tcp
BE 179.60.195.36:443 facebook.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
BE 179.60.195.36:443 facebook.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 36.195.60.179.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
GB 142.250.200.54:443 i.ytimg.com udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
BE 179.60.195.12:443 scontent.xx.fbcdn.net tcp
BE 179.60.195.12:443 scontent.xx.fbcdn.net tcp
BE 179.60.195.12:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
BE 179.60.195.12:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
FR 157.240.195.35:443 www.facebook.com udp
BE 179.60.195.36:443 facebook.com tcp
N/A 127.0.0.1:59503 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
BE 179.60.195.12:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 fbcdn.net udp
BE 179.60.195.36:443 fbcdn.net tcp
BE 179.60.195.36:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
N/A 127.0.0.1:60436 tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 76.246.100.95.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 136.140.194.173.in-addr.arpa udp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.136:443 rr3---sn-q4fl6n6r.googlevideo.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
GB 216.58.201.110:443 play.google.com tcp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
GB 216.58.201.110:443 play.google.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 201.108.125.74.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 youtube.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c61.gcp.gvt2.com udp
IT 34.17.18.17:443 e2c61.gcp.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 17.18.17.34.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.200.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c46.gcp.gvt2.com udp
BR 35.215.235.162:443 e2c46.gcp.gvt2.com tcp
BR 35.215.235.162:443 e2c46.gcp.gvt2.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.235.215.35.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8a1d28b5eda8ec0917a7e1796d3aa193
SHA1 5604a535bf3e5492b9bf3ade78ca7d463a4bfdb2
SHA256 dfaf6313fd293f6013f58fb6790fd38ca2f04931403267b7a6aef7bfa81d50bb
SHA512 51b5bec82ff9ffb45fee5c9dd1d51559c351253489ea83a66e290459975d8ca899cde4f3bb5afbaa7a3f0b169f87a7514d8df88baaeec5bd72d190fd6d3e041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1386433ecc349475d39fb1e4f9e149a0
SHA1 f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256 a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512 fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a43c5442720748bc3520106b9b6d4737
SHA1 3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab
SHA256 0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c
SHA512 9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81770b831c0aa0a606817e6dc4b0e886
SHA1 f74507c8d429065afc054c6a3fead9fe871cc1aa
SHA256 84040a47ac32846e6e22b402547b183a2d20c18fb24faeaaa0c089b091d968ed
SHA512 e966b3d2b8e8b0eb1aa7194b3cf9c18d19c0b328db6faf5f4b603eb19ee97c90a93eb526ac965e9551d49183595ac8800d4df985bd473d08ea5d51a1349adb4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c33097a5038ff832320a5e6923e59b5
SHA1 5e6df77db8b703b8512a55ef38d638074d421739
SHA256 50cc77bc017cbb85663c96a7e0f2f7f6fdba3a83f8d605482f402cb7f02e8802
SHA512 b8d400df13afdbc8218e0a867cefea2971ee8b0da39bf7e5bd1c0dcc072e7ba28fb42bac83df5a372ff96e328b341ee2ab21a8f2988a4a5760e54832caa6039a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 85b5a28fc1f61f67960b4e3f71d2fbc4
SHA1 1d740f1f274779ed26cec21c8d61b7d2bba0d73f
SHA256 c04b35ad908e8a63a64e2677441989a74c43bbebd29e225b0e4766733b2a0b0c
SHA512 29fc9c50416efad5d1e41975528e60b05e6856289510697f09a27179be2e91809a1c4d1437bc981564fa875c40afae877ede4885c68e2657674c728e031d208c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c143a53f411aefbdff6349adc99bf158
SHA1 2831bc6491c72e3500fcdacd1a830ed4af765256
SHA256 353b0152c02319f12cafaad33db7b48ec235f2b2e3de0f9f6168b43d0edd2f7d
SHA512 8a8df56fd28bd520b5ef3c13e214a1d884f654194f5f385b9e4bb5fcd0e9b9d62333ac965ff834abaa5711be1a3c848c41140984aeff55ffccb35ae61e18db93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0a5901fd27f598ed98f3a1f5beeafc21
SHA1 40994b3b9f780dd921bc8add7b4af45d02800d9a
SHA256 efc449a21ce353e52c4ebd8a873eddb82ac2533a9f4594de79d2a57531accbf1
SHA512 ed79913d8d3700620044f0f699076f7f89f91605efb89740ee1c2f8017cebe2215882ccd3c65ea243059f28285289dcf7103b93bb9a9e6624aee233cd0a95e7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b273e39c305e15f1029a2bb36eaabf66
SHA1 1fffdc45af3d69d9c52b53d1d994696197d31442
SHA256 22f749534994a5a8946d6d0edbd49cca9adeebde0d463084eba5c7b3a5b65dd1
SHA512 3e7c2e77f1b7243b59a90bbf090e5475cd5ecd85402b8cdc938dd249a7a93f1268f923cafb8d3cd2abede516aec63c37ad824921561183fdc7fe7e423ee24d7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 33ed23f7ddd518b4fcbeed6abde6e273
SHA1 9086a64b7c3acd23bade89647529ca6b8a0cba5f
SHA256 5f2752dad7e0fa313b9d87b57572cf98072e5f21a8b6bde2b83504219fffdad7
SHA512 87835d1a430adb396b688a0e950cefd90e26a20d19bea8ed96cad1587766bdafb674bc2171797a157d94a55125b98d71fcd52ad47123531b394febb264f218ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 48e29d271607e0ba74370ab2d6765281
SHA1 53ce57d9b4bdb0c84ac18245617a959dd0e30b44
SHA256 0d2651b4da0002d97e7a5811a3d9a1ca7f4eee6ffb1ce750ea4995d2e2b1d832
SHA512 f56bf7b29e8261b0f671bcf3202ae818679ab885ff5bd48c7ebc9c2e19b1426f67c55a1a82ac0324f1ab8cdb8b0e92d32ebe23cc27029a73985e4a5086535870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\ee6597e4-843f-4f6e-bd90-65771944aaf2

MD5 db580c325d108c4ac0fe78277881ff24
SHA1 b1b23536fe5348190a6f94854d87b16d14a28bb0
SHA256 c2d4de0e23f684c7ff5b21047d8f5a724b127abeb639edf603ae59f7bf7e7aa0
SHA512 c53c25330b2b88f205b805856ff8bb14d06d4b6413a8f5939d0b65d41d470df087f4cfd1bc7c675f3afc451398339a9b658ecf55a454c4586456658f2e1c22ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\441f0645-17af-4332-9ee1-7c133607247e

MD5 c688876effe3a771f00acdd78fa6b6b9
SHA1 b587ae7c16cbe8db5af7fb99ecdb16a02c6bfff6
SHA256 0cec250bc8ef19c007f3debdae71d8e0eb17c2b2bea2982c7d15f9d6b221e02b
SHA512 84a3f9b6082733281d58892c17c3540e65e8385d19099851cfc7468ff8d3cbb55eba0129b476c868f4b5cca4a5fa6b1d6e04c4dd230c5ccdbf678ae977b7b834

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

MD5 81f7402e448220a1db1076ba278c5adb
SHA1 ed31725908c6320e82d336a13c1bf116fb878d36
SHA256 f809c03f9b730b4301936d1a1b8157505efbc220e1569e3d0fa790919b7b0cb7
SHA512 875fa6e24ec5b4342ca619b757f462de82c5cb24d1fe4e630b50ddc235618c2eb4c228f87056971cf20bc239534a8513a89d0827900b0d3f00c771faa9315309

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 fd9b459baae98d7ceff08d5cc3e15a7f
SHA1 f677c66f2e73af165084de53a11fdb618dedec14
SHA256 4417dcc08355a426b2c91ac49ca8e1e0718a0550b4f8973be7589fd2cdb6253a
SHA512 d717829465f0dd8c362e10d8b989a6974d68a0fe9d4075ccbe3e4a0d8eaa7996c18cc8da37b20d94b62ee9873eb6cac3172eb52193be85a135b504992163449b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 2c1d6ac65982e2b9f53160bcd1abb220
SHA1 303d7a049ac7856d4600bc9c0f5665ec0fdd7d40
SHA256 83899e35431b7a90677fee6b3a6a4106600ffe26b56d66bc612c178a47ba00b1
SHA512 8530445e9c7e6e065f3d034f7cb67de1b8efcd7f418c466a625a593f095fc234bf859994cdb7c60b111c73a54247b2426355323823e4b281d671cccf5c6d113b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f3b7266d137c6beb0045f13ce07d967a
SHA1 5921a7b26c5bbb62fb43faefdd1cd04e2c6fd867
SHA256 94d7533d6897e844835766c4a3a173f32157831872b9113a938d4fbbb62bd99e
SHA512 2a66423f76f3955bef70af6048889fc86334a9ed6e684866ad57d47752ba11a22c4f310d8793b42a156ff05a44215b0d5d45721e913f1d6e498a512e30f7f21f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 b16664cfc4b8d7261a80280ddaf2915a
SHA1 55bf6f11a82f8fa4c1195dd37574e272d75587dc
SHA256 e3cd5f2c633f29641d28a3ac372ddade8614cd7f2e659592a9c1b7425e0723f9
SHA512 6f87f9ca930bf910f0bbf5ac6063feef55a376de027a032b41da7fea1e6834e48834ed6580557c98e13373b6cf9c90df130bb0eeb03c94ab1c2baedfac5cb3c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c197799d2d9f28b5627804c3aaeb4667
SHA1 6944a790339d7eb181f3c9e40c4cde709ce151da
SHA256 54ca55a54b41571461066c543ab95658ba98f019b8a907a591b8afdd681c27bd
SHA512 97003a09ce93d9c8964b4dc768081f4ccf972b89c4463a71c869a6b2e55524d5b037e27e646108ef2c88e87769b5e08d40de13d7021491894dfe8672caa071bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 08d5127b58aa25bf5c39b7e70df25b49
SHA1 f78e5607c120c23b34d6958540692d69160e223b
SHA256 34924e648644b119f4a4d75a7eea983c2f667f0d7cb1f660813d84feee4e593e
SHA512 12097ff0d317da7abe1ced3e9fbb7fdfe8921e49be6896b5ce509ad6db1468fe9cee13333357a683367888936e10edd4ad7b5b7f8a20fe3f3f7c39c66bd5f7c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\default\https+++www.youtube.com\cache\morgue\171\{c7f77ecd-1758-4705-9127-2f21e83c19ab}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16b20745a3a81e88b83c052647ae8d02
SHA1 450a7584f2349748a9f727ec9a994728b54eba76
SHA256 49249bc57a085fccb3ebb62521d2a7bba39e56abf2c18bd6ec78f1086e0b3ec6
SHA512 790b3f3713d7f07578ac9dae729d46b6b6422f5d01ed0676861332c1f2d337a8e1198dffbf59fe6cc95e46af77874a9b47b6bab30b5ec776472dbc8ad9350732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e664066e3aa135f185ed1c194b9fa1f8
SHA1 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA256 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA512 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\default\https+++www.youtube.com\idb\759359668yCt7-%iCt7-%rce2sfp9o.sqlite

MD5 db386f66e50c5381ee18384b632ea4d6
SHA1 f2b858c40a80126db507698932a94c88136b8813
SHA256 e6b4e4b697f724e4eeaaf70910ef5e4ddb5385298d561b4828de99644fc4f9f8
SHA512 c35eb7408dc834409354fcbfc7b9d76e8a6d29326bfe5946aba28d21411a5e3d98253b5453256541d309dd9d9e99d83fb8b1a5f012519c3c0bf3925c487a5b36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 80ca24fef1c93b50f99652fa07709925
SHA1 9af1da2c6d4d8c64f22c03c71c29aee8694dfe71
SHA256 153364b52879a9f70348532e46c07e2f7ce4ca1e719c821e57765783616d9cc1
SHA512 bc94e442f30cc9de7d959c4006692ce695219954e6465bcaee3290ab3d353ab27ca4cb30bb729cd4c54c8ff5759a6df16addfbeb3b9574fa1b6f82e96374b916

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c94e93f0006567efb9358642d3c13d30
SHA1 995bab0c809f95ab341072c04de1b9ce3131324a
SHA256 df80ddd822b3cf39903baaf3519d6f8c7d4bff63cd33a3ea8cdebbb623931b66
SHA512 9d0eefb3bc2d840ca8cfb0d1ef7058cf8cb55eda4fd44b1fa2cb6d0c29bf2225ff33ae6dfc25c376ecf6918215379d126bbd5fff98599c95f52c354f243bf10e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 13b557fac5b38edafe500b6f38d8d381
SHA1 24e2fa42c9d2727a15667bd87b2121ea1a7e14d5
SHA256 08ac1a7327a1db87776aace18bef3ff1c3053fec213e0142b8bbf5fe7e8b1634
SHA512 e8c998e68030d70f3a54ebc24072cf9a14db9a8357f61820164be6c65a4d4aacadf81424dad586082844e5b29ecda792f4c51a552ebf7741c6f62f8ad615b87d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 85b2f70f7cca6ac183b1c48cb0198d98
SHA1 b9c226a60c83280f96ac76c3fcbfcb7547fbacf8
SHA256 c8cdeeebc42c8dd3140e12b64b94f1606d9960af22b6feaf834f4eadf8e1ea33
SHA512 79cb317cad7739b3f23988e3f430f8f9ebb4fb42a1fbb3c8672a835fd343c5588e6f912c2831909a1bf0729ddb2c820deed51d7dca050c303975230664570b48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 2ba277bbbcc8715291613160a997cebd
SHA1 e64ee67165bbadd3b8bde989c3e5b1d2540cf09b
SHA256 00ffe000f78ae3c8c8d5557e3ab0089e29730ed10b2a190bd2b7a569812afd96
SHA512 c0f7840f181ad991c45ed1be0fcc0d90be100f8bbf36c54418ebe66f46d776652447eb5b7eaffbd2eb07c04455841d8e5d74f404eddf3c22daa34269d842435e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 d8e56edd91e6a8e254c9df3c3619f493
SHA1 e5bb299b458c95e5575da0a42ff7b49969b880b4
SHA256 8b598d7196aef8cb9eacf393e5b2520f5387f125552e1fefb6f373be30f64e97
SHA512 46d3bb6eeba235ed9e2621cf6bf89c10c78fbbee1bec31d59347532d9d242de4bb533911d0981d3c1af85a1d51226ca694ccbcef178adda1fb71e9634820027b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b1375326603fe65cd42df7fed7ce5c45
SHA1 a7fc9a7c979e62a0bed17ae5e8da74738d3e25ba
SHA256 c9088547ff6883a0646b7ca0c27b0696524be01431ce0059c4ebe765d48dae06
SHA512 1a381b6193bd8380bdb81934bb0b5f75a514c5fb878ab70dd1f7ff5c5be397298d0ca4cbe1c65ca245074ee2052322f89487807b9f73f780851f3a074f74ced3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 57ae6558fd495a4c05692113c7315b1e
SHA1 edcf35929545ae68664779e0254b67e720e1a0b3
SHA256 fc01d1f63650df9b53e5ed7f8ad20f8ca46a194533f72ab431ce862d1f310b63
SHA512 51fe9f8eee096ecaec21a1b1ccc72ddefa178627cf8809daf12713c70edc075bd1b03f277a505b2357076a278afd11a4f853132d8fbae53361a36438fd8951f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0a1b5a209bd5321f2faefaa438ec4670
SHA1 ce620f4ce49e6bd26ea80ba85bef25ecb0dcd678
SHA256 fa1369102222894ab78abdbd5b4ea33b62187ff11c66d1087f23af627c1be654
SHA512 5b2b90188093f02bb684e10a865565831ec709c1502bc3f0b15a55f60aeb817c02bd890e754c8888a7f42600f3a5ea3458e1439bc9fd2e9d7ded5745ab4470e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5799ee.TMP

MD5 01fce568a09db52160d8ffe148352018
SHA1 a2bd130b075984ef24eccd345df8543dda0042d6
SHA256 baeea0e4266f93f7be6864eca0433cfc01f8c879c05c25138b403c8530216a5f
SHA512 cc36a46e47974a9a18dbd4ee7d399c56732845aff379f517650785bc74aa65c57ab81984ff428abd781f829d046e68c82e976551b3ca09937fb566a21d5e29d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f9e606185275ae0250626f13b31ff04d
SHA1 38723ef2cae7a96d969b91568c730b158ff917b1
SHA256 a44f699f5816bbc5f401954fd3e5c9dd6814b3e17a565014fd26640b27982391
SHA512 cc9243565924fd5a70643edb1f9c848107f830b92f8d326b625618e7307014bfc00981c982b536d21633ad8a8c44f44a361699c712dc9f107b52a7b04230eece

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2520_69673802\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2520_912737476\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2520_912737476\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 01ef159c14690afd71c42942a75d5b2d
SHA1 a38b58196f3e8c111065deb17420a06b8ff8e70f
SHA256 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b
SHA512 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 621714e5257f6d356c5926b13b8c2018
SHA1 95fbe9dcf1ae01e969d3178e2efd6df377f5f455
SHA256 b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800
SHA512 b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d5be4a4c39add87514f35ef029f3764d
SHA1 bfc30b9345cc43112db7009e2bd676bfb6a9c2a9
SHA256 0bc2dc9a1ce0dd3ff6b599d444058d80553600980ad0a22cd4c7541976609292
SHA512 6393f7d9e9861daaf1ea73addd76681a7ca48dbfa31782dc2bba6aed1610ccfb605636bf137f955e34be8b3a934f5f9ae3f52cbd5fc20b2ae3141f784d4dad36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2e04f647e38dafe88d36ece8613041dc
SHA1 e6b5bd2ddff30f94a2fea0063e85733db803b956
SHA256 57168543442a78e6c4b60be2c12b0fb391e935692981edaf22499715902b9367
SHA512 63fdf69f1d6e0b02907217532f758d8e5eaabf2be8699c1728d27841eaff4a6ebb72e2778f4f25defe3e9c7c86e023fcaec6c26794ced80034757a5e76c2f924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\528ebd4f-8d5f-443f-9d11-b3500f26da83\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 89d759b03c2c35c25ed6f76405c03ee5
SHA1 60c66329506f454ff3e8f28c926d8bdca358c64a
SHA256 064a7a9e8128a523f5a45a8e0e8a16cdd9f525c0cd51be6c8ee9df768cf3f57c
SHA512 f736925ee452350cc786520ada0b1163e55110e25817234dda6fc44e4002c991a31b07c6cd7efd84137ba203aa3fa23e4623927c721e0a84e4b933d9254efd5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e3d1b0baeb6893d49dc18b00e5cfcfa1
SHA1 6106bb89835f4005e229f412a358354a251b8700
SHA256 4dc5942a995ad87ea9a6fcb083cc402a222c7df3f39ad1223120f2cf6953f0dd
SHA512 aea1e8176ad637eb168c8ddb6e5c21f625db4fa56a37b015e44b2f0defe00c94b2c7279d1847a78d04dc57b116cce3861667b490530556fb077123b48ed44c98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c2b09a3d737506e1b6aa463379444d6e
SHA1 2e7fb6f07d119207e818f219d3635da6c47bca01
SHA256 3cb1f638e206156aa9c0999ac862859ede4309458119dd6c0b869bdd683c6968
SHA512 2a4b81a4255b16a8d6f9070bfb368ff3ea490def6a08a8ff9b3b318fcaabe2e71b22e4e1fa1244f1e15e79604243f9dd89f3c4a01f844392efbc7109427a76ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad76.TMP

MD5 6e11594cf46fb70dbcc788b3a40afa04
SHA1 c782955d6f676fa3d2b15a235a6f4c015035d489
SHA256 359cee245eec73c4bb2bca9fe948d93309d37f3aaa7fd56f11bf01036364b685
SHA512 64aa549c6737f34479021594b0e403c2e567d45332d34b1d02d204a286e6db418681514690a82d0e9da4090de3bac207aa4919edd34d761c2cc419a57037fb73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e12b1411dfa8d76b442084845edeae60
SHA1 86b2fd6c932df8880a0959c3ebb81be8267a97a4
SHA256 4baa517bb123d31c0bbc84679aa36b1e2e2684bdb376100c728d7c9886ca1508
SHA512 00608b12589fa7f137c499109ee615c8ff9df9cc71c4646e767036afabd5050030946849b560cfe3aa13d5d0fe08fe8622af33eb042ebe631352a9653ea0a51b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 72e8c62c391c9c900b3db9d8e0807f4a
SHA1 0b0e2bbc68e9e384d564abc4d19b7655471df109
SHA256 ddd8102c1b18fffb40a3808d204e2d691dd6efdc6f4b0cdaededcdf95a80dabf
SHA512 a07f1a4e5882e62c1d3203fd9555acf33ec32c90fdbf95390fcd9cce0d09b94adb618a4170e70c707326a3cfd6dc3e4daede55905e0c8145e78780467e4ecbae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a0a14a4bd5964c5c3f0950ca94a0f90
SHA1 edefa3bcd5a2149cde70d3dc0cf6128425192af2
SHA256 b4846cde7efe47b662423fe5cae6619dbe7269fa0e5a90d0b3180d2d08a1c3e5
SHA512 21e04704631182391ecd7a6320a110bcd2ce3178fde70c46c01553176e2cf0ac8e2b0340bbd1dd776612048360d74fefb205a53b752096c2486772e8f61bb334

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 e504fc9f9ac2b0e85f00c1d3121a80e8
SHA1 3efd9911a7b83f93e5f180bae98fca645534ae12
SHA256 cb426b8955f60a51a57a8c4d463ff063e003e6fd56e3ca5ec471b43d4a66572c
SHA512 4f06f9baf9f7272088aeb6cba1aa1d551927eff07db49ff24134f64f59c82aeb026479bb6105400900faa3a1f25b290db0d8654dfd68e13ce4d6f5785232e86c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 6a2be594f957f78a978c544271becc5e
SHA1 00bb48d6249dd60f6a14093fd9aae85a76b6d4ed
SHA256 357e38c76c261f71da18b5b9432b597f15d6abcdb9f0c845217f8b9250d7dcef
SHA512 971325298ca11d5779df89f3f7dbb44e4d743a77cf4935da5fbf019aa0927539f9a4e6418285e44df75b7820bb685d3a206488e8f7f49fbdb49aaf995e920bbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 2bcc17f343455b843dfbbc77915e4350
SHA1 6698eec7c6d66a017d839028a5782a9119bfcd88
SHA256 7864ece6566bdd5e1de38565c4a29d58dae229309683e8ff2f058eeca077d71f
SHA512 0d602ebd87e9d97e0196e3cc5de37fb5141c91a8eff483fadad27e09173cf2b544f42ab67eb66cf7db6abfc2a0365dad91c12cb02fdb4e761c679af92dd6a367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 51b0463f54842d8f430ec687237b13ea
SHA1 9eb84ffc5276a112666baa0527dcf1c6af846d92
SHA256 ba9d9a6120578078a6c7a24c6d0792d59cf6032cb8b837740324a5078bc28b82
SHA512 90699f30d54c0db78d887020c8c18130202b410eecd8b750fdb381b0fdac558be5e7e0a239a31999627e18052665528575f5db55a16d8a183a16690863779689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 edbb44834882b74a4ed3a65d438f53ac
SHA1 58999174b9710055f60402309a13f0bea937aee0
SHA256 2b995aec067fed89508d6f32597d52a317bfd7783460e668459081e1a6141a9b
SHA512 356d734bee876bafb243c03687b26765e9acf8b515bad2372c17250284133b02522ce570e34b98ef9dcb1b4a8e630f6d6892143a76d2b32926e518b2fdee5a3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec92.TMP

MD5 a2b5ec9e5deaa2239644d57622550390
SHA1 fc9d015e6e6b5193c5b45c8905833a6d5fd61634
SHA256 cbbeeb4373a47ceb0fa3297ca49a8406d672473e4184eeac8519db14c3d02593
SHA512 e1e0137ba9107109a550700fd8ccd86f39d1cd25d507b1108f2b5fe026da21371e921ad715d357c7c3aa25eda69e0a82badb3efa1e2fa6df314a1149f5177429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f2d43e3dcb141d1f4d666e957d65d6ef
SHA1 4a4fd199f94ecf81d7d19f7430a653b82bc0e6b4
SHA256 f2293745d4200a2de6bf30e60e5f7dde699690abef73a4417603897a2ae775ea
SHA512 4f882b2cd0fede64ccc90474bbf6063200bc0adb0b4af8fd02efa5e4210f2d3cda9daaa2679b7309d6ce8ced9def5a13d08fbb4577604febba963e5630a641f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fcf497386defc4a204685d16d313f495
SHA1 47cba9101ad6ca2d49ebcdf8743f8d830ecefa97
SHA256 d22b3ddf905f401e72e5b919f591366e81dd710d57c38b3a06d14c18ec1f7ac7
SHA512 e26c5524fa0cf8a0acf2ebd0cc95e331bf8eda2e88fda0e5898cb733d227a41b63531f9241b2027ffadfea5f5b7cf9a0ae2e0455d21532552bd084875e32a9f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93ad32ee17d00a1fe9c7d8b79f3e365e
SHA1 16e3b90c6a316a48074c42bc18b78e92727e3df9
SHA256 90684c3cbb064533ee9781160b3b69ca56974b6e0ab1d157858baf62075c46b8
SHA512 703dbf8c962aa7db2e5452630ad0e07635c2b9ff4483d3ba46bc16b5b451fc9a4b190fcf37d1113807655d870a7ff42269bd5580a4fbdeccd526847fdf5b3410

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\76571d3a-de4a-42d7-ae09-6c47cb842153\index-dir\the-real-index

MD5 38985b7d530a70ab1788707593d42c3a
SHA1 fb946e519bbfa37f01aedffe73369c542c81bb94
SHA256 e2f6850bcb4b8b434b0e91b5a7372359843375d75ce07b518c711ba39e221bb3
SHA512 a46a6205ae207dd27a0ee0bc89af0b246228182582c0318b07e1e9bfb5bbeb261342764968c8a71a1a174f19f925f0e0371b31f82bdd39d4ad183d4c9d44cd52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\76571d3a-de4a-42d7-ae09-6c47cb842153\index-dir\the-real-index~RFe580059.TMP

MD5 3de6b268d5efb2afcb00d8ca24dfdd4d
SHA1 346fb0ee004dcd4b6525ae2c19daa1e67da653e6
SHA256 9bc69c0d3935795b54ec3ff974d75e7234d0c4f1a4b2b45c804cd0ab16f12436
SHA512 ae1cbfa73c59ef5bfa74dbd9606fafbebe825b33c13e9c951539c294631af1735d8242c334d8e20c1a3a483730c5d9d678a25a2df60aeb85546339489e1b9c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aa5104a194b7cb2bfca1391dfa8c7fdc
SHA1 8081ee603c93abb6e42d07ede8999c9f40de918b
SHA256 1ab56f7e8fde062f610fd5d5cbea31d7def78366eebf71b4ed6ac1da05c1a59a
SHA512 4495ca7d3883d46c0265754c60c1c87bffbef1db6b97351abc751d6bc287c15532b351994dd95e8d5d533d42ff117e97c9d05a00194bc835906bc70bedcff7cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0d8a73e96eda76cd4800144f70555a7c
SHA1 eaf12477cad82723c0effcb5c900589365a7574c
SHA256 61f96000f159c72769d45d9c3c87cdc0029c812f08e60c436a7f5175f60bebd3
SHA512 bd575b022af7c8d64e0717667f58492b7fb8432fc15e83e0a8e41740efb551f0728f86ad40c4b99e8c0a1640da306680a4650d4a1ae45d4e7ac1223ee39c5727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e776d70f86fee20968441e08850b39f4
SHA1 0fed02fcb16d1e1fa949f9d3ea0567dda7327053
SHA256 83f06d38b9c10fcc9ac1e43624acf201d5e5795b07f592a9a2417440928105f0
SHA512 3609768280b49d8a9bee2bb815ebb504758936f6214a51686e33691434a538f2f760e3d64c603eaaf9388145aec5e2d55cf26ea979911692c5671575bde2afd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580bc3.TMP

MD5 63fa02225bf4f625692d826e955bc916
SHA1 2fdfb302e141484b2abbcb1a305ada2b68944de8
SHA256 e292ae8c3a19c3b2fcc43efd86568e6dff3c308abe77fa52d2879231d114f732
SHA512 50396e0758917acb4ba3788e90e7dbcd43fe10da332b045bb4764d62330d667a35381a25cbaac13c0a36beb768569603947a897d2850925b6fdcd54f94479bf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e40d8136ceffe6d186dcce2f0c831bb2
SHA1 8b105f9455b9aa14d36399c3dc7b22096c671b25
SHA256 d9e1f4665a817cc8173961d2d71671e9c92bf2c20013e35780d85d1d7e26c7da
SHA512 a98f58dc9bf3e76de9e681459271ce37019d76f0cc2b7ad095f0f817c38b812e86e517eb838815b767f1db228f31460ca5153b14386549d436f2bb12fad4200a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8042c296662ab026e5e35ae10e22887c
SHA1 8b631030da24cf78d33bd6c9abfcca4afc9b245e
SHA256 fee7429870d57057358279f6a2c9b1f04765334445aacf19c210f101faebee20
SHA512 7d390e71bd0ae9afa4814ca3ab565af16bffa4c2ad52a7af4273559add876d7e792b33ac9fb39a0ae280f42c8fe74277d09890abc5b27bd2b4d59a482ddfeab7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 3ba7e6919bc260bb6ab523197f2be3e1
SHA1 ce2d7fe3aa42d99d733266d023f6aef3766e7785
SHA256 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818
SHA512 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 3b2df667a176193cba046f74787e731d
SHA1 0525109b7a249a66df8c8eb7d24b49852cd076cc
SHA256 f38e1d77aa0173d1c110ebbc24f55704f74d28b33c70302f1170c1f4213f611e
SHA512 f6a90da9852126be776f2b7b488e04d8ff3cc6e0f4b222e1d9fb7aa2c938d586d4c88150dae1fecc24606c5a80270eb7c70ca4286a0efd2c2478aa2701056ebf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2e00065b8b307f87b6e49167ad270158
SHA1 b8b8d77022447d45ac28e38aabf0d1fff4b77c6b
SHA256 e61aa1eb5646b997314f9c971f956760fabd3210afccbbc535de8407ec399a39
SHA512 ad8b27c042cc6f331f20c2ccdd855b7dba116f0146090eac8d4d868e3a05095c87e0b60ab47bf26cd695e7bddf4c7ea4050d1acb98a215f4e059158337e5e021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 976012aa07869a72c43d5d67f2fa3430
SHA1 f3e36dcd73eed7e01b8bbca70c6154f5df0dd1e1
SHA256 e05a8d189dd619515f73925b67a0d026c1fa59e6ee450feda55da5c872b0ae91
SHA512 f7ff7137543d6f58d31b2f16a20807c04eb01a69f8d0782728e9305fa0fd9cdbcccd0cb258b1157b06ec5ebf8bed79766da41d35a8f0177735136d6bfd3db7bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 aaba5e872ba07d60f556b78df854279e
SHA1 93d1494959f4027195f527db143e5aa89d60925b
SHA256 0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c
SHA512 fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 bbac7bb99faedea9a0cb17dfcad195af
SHA1 409312e9c3a5eaa03f2c8227a3693e8a6dc850ff
SHA256 b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3
SHA512 727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0eeb9cf7834cee94f27bfead4899445
SHA1 b81932d13dc942284cbfe047d52233a5e5014442
SHA256 2b8ee6e71f7033c89d2e82bdbbb0515266e94055e9efc2009dfbe4b8fc140b3d
SHA512 e8e52b5d1902f8dd4cab1690209cbaa457f9156841201db8a8ccce6643c9e38f1688cfbfb42331be73fc929436c10cfdbd5c414c176c33c167c2b035360855d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c731297edce6a0f6700222e0137887a
SHA1 502b7cde286f8ef3ebe8aeab6cd0f04901299cf5
SHA256 9687ce3f7b19ce73032719ac1718e62b1f8b68328d01647904b2bf270fce8f95
SHA512 7c0b1e22d914232a87b4a5e90fbb0f59e92967b5c95b83d6ad1f87d8facca2e6bae6762d3ad66d5a950967a47da8e3fca79fca251dc2727b3b3673398130dd70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 e337014ceba65092b027bdeddc48b00b
SHA1 98ad97b8adbb411d6d4623fab506924aa6772304
SHA256 c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA512 24dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b98289b9ed2b396ae6ac370255f24354
SHA1 c111ca7790c98af785c62e941961c256fdceeb44
SHA256 06ea2be6d35b07e7afb07c3e47d2785cf3993cca62612568753580d8202645de
SHA512 6e562ac3e9d43c2b7299974d0088cbe4e7303b12a6dc4bb3ef033946f18a9197641e1f755063340eecb36b44a2bb3718e81a6a2177dac4ee43c4d70d0a9ad332

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bcfb32aaed15e5f21f423d7e3e044224
SHA1 6e28251b2626394feaff54e1053a1c636d9d541e
SHA256 3d20d208775706d4cb31222a376939fc626222947e0828945b167ddf4c066f26
SHA512 fbbdb5afbe8210de5e504991e3a9d6e3a0781f5db7c8abe5c0f6495dd73809aed6072122ea976427be7765f4c04b568fc7ae295efa3823f1cff40952a6a78025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 85e0f729fd622acff0c5f365d0d2f2a2
SHA1 b6a098a03e316a5f799af1bdbb1aa954a4ba3307
SHA256 8c20c904036b425dd4d9d84224a13d551ab31c13f4d2d8e17c15a72074a87322
SHA512 c5b3a3527cf773290869e6ff33d62c8aae7528d3b3cb86d63ebc280b495deb160fe699adc9b69adb3c455ceb3a146dabf2e51e64de61acba101d8cb4b4106e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 20932404e1814f93a3c273ddac68ee7f
SHA1 9f9d286bc65480ac7c925121e0eb0867b108801f
SHA256 8ff04c3a0db47c682c583a2c6d5c2845ee7a7467f00fc8e493d9e5769e5017c8
SHA512 75f9f6927f5b646f16fd5b5dfc2e565eb35f47634a4c472240f29a6c3e638365772143614a4db006394b2bd1ad4d6ef7a9daa16974d85d9298484ae106611f75