Malware Analysis Report

2024-11-16 15:51

Sample ID 240206-sbe62abddn
Target afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c
SHA256 afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c

Threat Level: Known bad

The file afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 14:56

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 14:56

Reported

2024-02-06 14:59

Platform

win7-20231215-en

Max time kernel

34s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1061d3ce0c59da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000083696a60c561141ddca268608311c538e33df461a9fb47267d5038988e276af9000000000e8000000002000020000000859892406d0781328804b94129d2f5baa5fd9be76ddace0eb048348014db417720000000ceae50c992344901148062126281b9c008ad09b882b2507696e497d3b555ee5e40000000207391bec2f60624259d900d421be32855c3e6c2c98801d04f31307fc858480ae40ee49761a4fad4cc2451984cebb661cf160749df3fa04dbe6bf2cf08e80f03 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c677d59b16e7a81f450108c6c8069071d04509e90f99001f4a4cd62939b8ab23000000000e8000000002000020000000997ad6afe9e6bf64effc891065ddb2371d6d95573b0b5c7bd62e355575afc9f290000000042e4d2f0577b4e329b0b73196021d6e4f1776055acd0e4d0ec8bf511894753aa5f6e4bb524bd182114c850685362604d044cd45372affdb986c8bd3612ae98e326be1e382b1555942d7931dc2a61089c49c20bd917ebe4913dd9b79b144d3fda11eb3b59004ef4a807d06a2d7a6a6c087694b1d9578630d60fe8d65fc053bc006b4d4eb9354f95cf8fa98128fc5f85540000000d369a8cc5bd25b1cf71b36bef4c64275d5151d96dbc16ab660cc98521c7c2db371e31f88c0817da7c8c0253f2d4bf50c4e9e10bba7608898c322602fe92b7faf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2956 wrote to memory of 2720 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2956 wrote to memory of 2720 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2956 wrote to memory of 2720 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2956 wrote to memory of 2720 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1920 wrote to memory of 2820 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1920 wrote to memory of 2820 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1920 wrote to memory of 2820 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1920 wrote to memory of 2820 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3028 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3028 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3028 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3028 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2188 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2188 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2188 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1996 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1996 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1996 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 980 wrote to memory of 1316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 112 wrote to memory of 2944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 112 wrote to memory of 2944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 112 wrote to memory of 2944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1996 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1996 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1996 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6999758,0x7fef6999768,0x7fef6999778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6999758,0x7fef6999768,0x7fef6999778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6999758,0x7fef6999768,0x7fef6999778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.0.119918528\231089044" -parentBuildID 20221007134813 -prefsHandle 1188 -prefMapHandle 1180 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77535bb0-c21a-41f7-bd01-4e5629a39107} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 1316 100d3858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.1.1706942049\2101477601" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0638590-0edd-43ae-9a71-3f847aad92cc} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 1532 e6f858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.2.1738052408\1255936235" -childID 1 -isForBrowser -prefsHandle 2372 -prefMapHandle 2344 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1ce3349-ce76-4c8d-ad26-b7a4ac6236a2} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 2384 18d9ac58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1232,i,9779389321931292551,2558361041879037700,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1232,i,9802012817364847686,11516639524143913059,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1232,i,9802012817364847686,11516639524143913059,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1232,i,9779389321931292551,2558361041879037700,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.3.982154128\1371831154" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 2768 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35c0037e-6894-47b0-a80a-dbdd3348346a} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 2784 e60d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2284 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2304 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.5.621436470\2021495730" -childID 4 -isForBrowser -prefsHandle 3880 -prefMapHandle 3884 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b742a9f-9a28-4462-8682-fd2d4c988274} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 3868 1e97c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.6.1695149171\641440252" -childID 5 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb9a732a-45ca-4f09-8a1a-d35ef3fa1a47} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4032 1e97e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.4.718915626\930164620" -childID 3 -isForBrowser -prefsHandle 3360 -prefMapHandle 3720 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0915791f-4c70-4371-93da-eda55047d362} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 3744 1e97b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.7.1837389978\483246220" -childID 6 -isForBrowser -prefsHandle 3760 -prefMapHandle 4256 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d50aa1-de8e-48cb-9d1d-037ce4ac94f6} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4232 2031ba58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3496 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.9.1039767219\1023800091" -childID 8 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d019dc-be42-46cd-baa3-41c12e855f14} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4580 1e838258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.8.265780521\1722208402" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4464 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d657388-50db-4e4e-bd98-60a618f8f2a4} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4480 18ba7c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.10.2049843160\969920231" -parentBuildID 20221007134813 -prefsHandle 4464 -prefMapHandle 4508 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecdef844-a046-4b2b-ab47-28b0e4526cbc} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4624 1bbdee58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.11.1109791893\1170411440" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4904 -prefMapHandle 4896 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a08b8029-a168-41f5-b609-d67e2f812ded} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4916 1e953c58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.12.862791527\1928678875" -childID 9 -isForBrowser -prefsHandle 5080 -prefMapHandle 1972 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6aa5ae9-11da-4537-bcc4-e048eddce92b} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 5112 1ee05f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4360 --field-trial-handle=1240,i,15195581237178336627,17342589649162964194,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.187.238:443 www.youtube.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.195.35:443 www.facebook.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
N/A 127.0.0.1:50132 tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
N/A 127.0.0.1:50140 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.195.35:443 www.facebook.com tcp

Files

memory/1996-0-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8C05191-C4FF-11EE-99E5-4A7F2EE8F0A9}.dat

MD5 b97e36cbb93cc61a1102529fb6086dc7
SHA1 accd3b7bcd4063ca608433cd1eacc6b52b8c01f0
SHA256 a455c0d2d90321b48bfdb853adc26889f48694f1710e10c10d75192ce73ba901
SHA512 74e1992965473d0a9de475e32851835c41231b56f57e0f87d4cb5a818a1bde5ab41d1430e17b97383e4b200955f38d0b222c977ca5f729b8bbcc5685f427e67a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8C078A1-C4FF-11EE-99E5-4A7F2EE8F0A9}.dat

MD5 4cfc698fe42f8270a5d883690fd85058
SHA1 ce3803b3f1df727f57c2a98c1cfa3a33b34e4989
SHA256 583138c610d01b900f49a2b4f493cba27eafdbb108207d58bc3d8219a32edf13
SHA512 583c600adbac4bccf85a1778783fa4a40e7598262e19faa294e022b5257a53689f478c72d07a6e0435023a2f0f9eb47f47149351e657f27fda1517b529dbe138

C:\Users\Admin\AppData\Local\Temp\Cab5467.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar5575.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e55ca4bd01d192bb73750fb6e702b60c
SHA1 ac715419b21b16095082dc9aa3761a539ecc7aa5
SHA256 8ae0b04a114a95725953c7fee1d9bb90628a9e90755f330cfa2092a5cb0c340c
SHA512 7dd3be6048b2c6fd0f7d210e0b024c5b503971f0c953d0eb8cb428ed17fcaa1378926b509265ea92a006a2c9d28a1290746a9a4b4270a17d207cff4dfeb2edd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45441e2703bd716af8a3be1d86817368
SHA1 c9680df90c6a60c021fbc5290f8a4f962d43dbd0
SHA256 eaff208540fa53ce10dbb68a6d9ed87ea6153defbaa9fc7f385de2e17b373495
SHA512 f8a2eb97033541687250b0c89531b00ab742ae731db5889e8f36ea06a694784785471fbf4e49962e4c63793155ff3bdbff9d8691c0caa2d7fa6190b8f350bb01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ccff542b45eae0c3860ffeffdb0a22f1
SHA1 05d5a37a084cf1e64835cf6a78134f38095ef0a5
SHA256 7e20035b5cc4c48590b9b030dc5403e9942398a00bb6040a1651796a20236344
SHA512 f1b8dd11577ea7355fe810114556c262a2da854398a67912e8baf90cb82e1077c4d884a4beaf2be8b1c6d462298e4fdf848c3db00bf5a2e073ff156db10df604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9fdabf0fb43b26c8182a8dd4ef398a99
SHA1 f6ad32dc9f78fe5a087e478e604bcc6f1e3dcc27
SHA256 0b39d5ac7881dbae7179bcd6f6f9b30c37090189921cf2e71261d8355a6b8d15
SHA512 ccc948b5cd5cc8b23bec33ba00a62234fcf6ce536320757f76ac4c50bb080b78571b9f091531ee318a84e3b6339d876f7c19499b0f6dad8b9274d8495d02e46a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2d90c9447ecefc7219b96e75a81ebb6d
SHA1 92d36aad88d390d6ea2da0debf009d9f167db1c6
SHA256 c8983a6df3565c082b5e18c7120bf86dd207dd8bafa31e27bccb528d951018de
SHA512 5add94d7e47f777bfcc71271576cdef10d85fa5103ef3e7e9d91f0a7642c039de8dbeaae052ace81ebc69fa2f8dcdfb1fd41b0f6aea714c5c01f28a3e15d9d12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c0c1bea349195a758b833817a7598d93
SHA1 23e01020986f27fba7724186a6184a3c1379eaa0
SHA256 7c64f6b44da793da20138de6b335e46ea3b10e6f13e147ee1549011c45767b2a
SHA512 6c681d321841ecab50b9b8c467c0bfbadcff7148ab14f8a417fecb531855bef6d37e96c7de8c40413ac6195e7c607addf71c85684ccb26419ec5deddbea54bbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 428ee056627b7d19a9c4ffe209a58271
SHA1 1ab904ca5fa089efb97f696949a8df98e387434f
SHA256 f616a5be9b2634423838fc0357813ffdccdd978c03244679a7fd5ba344db58b9
SHA512 3b9f74490f5abb2143def289f265fce9b064dc5941e031f093bc78205c85f38f1961d5aeb35ab756a1918b3dd5db5ffbd75ed2d21e2b378498aaa0924ee4049b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c84dcce26068b2350d8d952810434bc
SHA1 1e00ac92be46c232426caf4fe4409f5768b4d599
SHA256 0032a9c4ceee6d183793e8f0421952e479646d13f8446fbbc4b275017d1a60e5
SHA512 f477d119ede3702986032c8592e9f6ae214e6220cd2b8db79da625e083b96047cec653d94a0961bfd7e26f3c7bb7d46e94f160651c7420b93f6782adaf598d79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2187922ca34962bddedcca393f2ec55b
SHA1 1c51e71b48e60a17216379514ba24c84884ee1be
SHA256 2f456553154d45f29c6fb975a5af9f5e552ba6730c8c65dc6242f271ed00a558
SHA512 df857695a9a9a0f2ef035a6e2752a7932c5e5eaf21abdf4d13fce67ae37de520f7e17f43dc59085c82944bb1ac9a9a71e95d8fe624d9b0410bd72c856a7fc388

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 c573ccced3b9c5134fbfd2cb43456c7c
SHA1 0b9a82da8ef92bc7c5c094a888a18dc09fdfcaac
SHA256 f54e0285c21260a0fdeb1230f98127470b91722d381fc7f007b4f1bd3cea569e
SHA512 bac8d622554c96e45d17e7ac7e88e8f1157b2366f55156ac8fb43c0bac1cbf7e729250facdf6ac03662faa967a4fb8ccefebaa7eb33f4b86788d31003838465e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 85aba89c53bb7c2a4f540128473bc3b1
SHA1 493feea8df0a909b5b0e0cdc04c86b193fc76f27
SHA256 98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1
SHA512 08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 1c63b1d156963bf9d5b5648f13aa74a3
SHA1 efaebdc45cc1acddaaf5f1f277195d0557004f00
SHA256 1e053d35143eb97330b8c7c71272992bf8b83732bb2cfb6c2338b82bfce6fab7
SHA512 3768240a5639b9aa070e6e893cbc1adc9f6c3d46befc8921a413f071bfbd1e74e48bd81bbc98a176fcb3b0bb7de1b7a8092e10d28c311015f4ae8fa962a0d859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 45bf00112d83b6e80c8bd89461b84d79
SHA1 6d1d7ab266879678a94dd15cdf4e3a5c32a31a93
SHA256 1be08b2db8d7cba628060b164005534510c29749ba4fd5dab9eb24989aa6fd60
SHA512 6dab3e2412c65a2b2b77525e2c541081a2d1c9a5dd9f439ba6ee5506f56ced107d4516b46222896faea3a721954d0bdd32d7b495bbd03f112e289a193f502f8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOO61SKS\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 3f1d435706e655ae8468c5c2af168c9a
SHA1 0aa17834a68aab957fa4e8c75a90ba98f2de64ba
SHA256 531f411d04f865001bdc391439038473e358a4fa90c3cb1dd6e8008484cdb356
SHA512 a60e13c69724d7c71a5e0b5afeccb2c19519e39774d4139e61d1d9f55847ec75523eda013697cd88e3c827605ccc4338576f1353d12b44477b7851e9cc51caac

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DQFYNXK2.txt

MD5 5c82b857ae4774fc9bdfc2a1ace9b8c6
SHA1 fcea20676b5d8dada7442eda5baf9acedf366cdb
SHA256 f66d32e370aceae8b2cebe49b5f5351212318585dd097887f33141b1ba0d6fb1
SHA512 bc808f93ee6eb1b9c90515e0bbeb0bc0401527b9d1f416144711d83d87634b4328a2ebfd1586cbb57913e33902cd041e46b5160f40fa169fd924dca53d1aa536

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNXCBKV\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 15b28dfda94407ea91f2583ce36a567d
SHA1 a53d5b67a25b8b38206b74b02c86bb0bfd84ff92
SHA256 b6d3499a33332a1b83dfa6a85de410031979431bbefc2261bb4a6b05220e423a
SHA512 aeaac1527872b48f7da15bfc88e5bb7c395d05e9b9d7c71f71c18db9c052e4b128bffb0b2dd040885080c05ab862c76c28937e9722778f93bbbf2353d1d1a814

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 7d10d6a2d05142b2f7de42728ab93a9d
SHA1 dd26f063d2bf4688cd996ea46ec9c79f9702483a
SHA256 a06c2f6ee0ae9af14551ac19e95835bf20b775d835b558529eb5979d474f0919
SHA512 74738a2f5fea62431113b09022d031000ee1ee3fd15d0c02dcce313c1f67d7c9176d13a715653d1fd23ed10c8c8fbdeccfe09bdd17511e3f92e218ba151e9139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 2442d33ec8c3c94c313920824089fbe3
SHA1 c1918346913d0bd399667dceee73254d124a460c
SHA256 14df2971a97bd6617847940cdc43a1358b73efba252d9a73d5cb0ddcd528600c
SHA512 082e6f62edb8f8060b9a7f81650d0d2cd835c759f1edaa139f0abd1c6bb5dfa5e2071172611f465081376baea4c86a549ac52a7c3193ff200b6f2ad6ee308e3d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat

MD5 9900ea5630fe2136565bb64e1760e012
SHA1 be6953e9c471cd8d088cf4cb288532556d084341
SHA256 790f3df61b8f3539cad0f90147b1420db3b7a292826d13be0b10213393299a1a
SHA512 79415125b62d96a6791549f533aad9da2a3e3b4e1205457b567fa95b4ebfcbcb1fc10c4053c49e7402a6b815ad437862081436dfb7a4d50be556e197c89b4dd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18e5c400cce6e22f79a1250ee8267704
SHA1 c5220c848e053ec36e1fecaa28fb162a7267894a
SHA256 e07b68d38eccdc2a8ba654e9f7e3c4beac1038cdd88435f7350fd6a46cdcfdc4
SHA512 ab65df379a254d2b316950989d014910f436cd8430f999ebd5e2ba8712b82c3b86d27cf11cc118b5fce0b76470cc760dbf118205a8f2687993da6f2dcd1df04b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9be9902a703a6aff88220a0924b86cd3
SHA1 132841963cf8458e62b7c95bb0eb64142a8cc88c
SHA256 8e75b857d81acc65b3974cf7dae76350dd5ec0911c16fc79fc6c3addbe4d36d5
SHA512 c7dd9ac8b670880473b1f01a79e93e104b143c9fd35e467f8d7917f3639dcf8dc2f95cb90d9b4fdc6a0d87742b43721a1786f9b5fe961a03301db12072d6f330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dee870b3e56625f1cbc64f94961688c
SHA1 b2b344e399fdb289934c084bc75a37372a56dd1b
SHA256 18544969ae9525a196599160541352ab53603cc2a6971e56680b7eb16237d027
SHA512 8f55cbd751a3ff4f7c582a953c61d2b7186e63611c84f955cd31c56c00528ed474c19d6f9475e4be7ca2f96681e94b12685c84cb48a5574330b47d4ba640d720

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3467f5483bbb377ecb39bc2cac6c2e6
SHA1 12cf34e1e0e58825ffb4316a74f63f03a8c62206
SHA256 806efa4c42dbe3d393303cc129363e95c7a8ff2216ef820417b5b99166c37666
SHA512 4b41a28def949cd5039b7b206efcc3b37c438013e21848cc105cd0e3f13f30290624777d215ce71e607829e8fe60dfee561a9cd077acd00c84bed5055e88fc03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da0f4e935886cc66459055e91720c779
SHA1 3fdf7c362abc70b35aed506507f0dd0584104700
SHA256 0b66abe53e80a494dbe94d6ff91071756504184d2bcb02dd5a2f2ddd7ffccfd3
SHA512 2e370b545dcd0af1c6725e13857f990f96d7f56dd43069631401058508d0d3dcec429568f85d5cf08fef167fd04fb2a3e4d4c01929628abf2722d8d875e1fe0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18af16d818f07f2405b6ed3be29f1862
SHA1 30d4207fc791afe0ec07f90290c290fe20d8cb26
SHA256 f62e3a71d5e7b4c46da1b511293b78f1a8bd38fe5bd3270e902c0cfb21dc7550
SHA512 d75390320c710a68323b29dbe571086284e763116e7c2fc0ff0a04ec6df681e0ac5233466f8be21846743934f6e484935cebcd598a28e91c79182739c0faaf83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb845a070f18cd8c2c29814e6834c81c
SHA1 f5a66189f62aa3efd59e22e82e837399250d32a1
SHA256 624d17449d2c7d59accfa97930218d92eeccc59b4025745e4a7125cf1bb24c7e
SHA512 161eb1596c3eca924e0a0bfba946d186c89ae5d7b6cb9de42fc03eef3e30d83f29e69d4b07f0a4299548e80a36684821cc52a730aacd5cd8397bd2bc11a57592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bc3d79340881b7c4a4fbcde38e50912
SHA1 7381c67eec0250122cf49f5162bb9c3c5e3d97fb
SHA256 3e3f60cab31fdd906d49e2c48e038775a17e2a8ed2999a1694fa00f218e2d176
SHA512 3a4810cbaf4115893bd41a69bc0c3add503594c6cb6fcab6df9d41303f642c7978c5c1f16ec504a86e75ace055c193b04b7fdce31705e5c73df0264a63865be0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b43c6bbbce913ee453de084b29ab61b4
SHA1 c779d963079803c6e6c014345d49820c74c0b7fe
SHA256 72c5bd64e443925db68c0ace0ab568c17e6069ae499aad3eea7df8178d295969
SHA512 785700240e69a5bc70e8a3311ffda3aa4642cecaf50f533728ec18689815e0deb086c21bb1e794574a91282d8dd0cc8b6cd1503bcdf3482ae332aa9b31c32823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 471154b6d9a5861c97526209fa332b32
SHA1 73d305cef1c2ad64a4ed975c88baba937a59c9ad
SHA256 eb7bbcb2a7e826758f46ad80f185ad924b01af2f30d26557b86733d18100c29a
SHA512 25f3ee753ebe08ca1ab5d6e67e26d2e6f9796d0b7f923bfa16035124fe07b50d2dab283dcc792c710cda671c43b3aa4f90c4526109c4736192b79d151b17784d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2a3fd9e08bc557283a1797d92280187
SHA1 196abd380b92169a86cdd3084d8e4963035c9c08
SHA256 8e8422b94c53af565fecfbabaf638e8141ca9d121e24e55920d8792f088e9dde
SHA512 4729ac7cc652368e4d5d5c0170ce222836ffad2b41a66327233b18e25d6274e04c47f7508d919f8157a25935a40d07407170e2aa8d8295094d9b367fd531e76f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf7ecc0758ee42e01bb558b136b73ff7
SHA1 ff7c6fb40a8d618b144531a19f8d9c864080767a
SHA256 a4678559aa64d64a12d26115805dd922dfa18faf6725f74771ef118513fecd8c
SHA512 67b1f4243260892c8813926425a1719952ba1e617cca15883d283e16a68f8fab371bec622eec401f49b72f48f4641396dd62d695dd43a14a09b41b654219ca16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 da34f4b069d4208e643bbe5904660ba7
SHA1 8fef8e21cdbd32ee130cdd5d2369f4eff1f468d0
SHA256 24271c2602a6fd012c611bab3119efc1032a4e94ff2aac598b5ad5c5db7fd38d
SHA512 3273ffd4377adc31ac025981816295253238986f6fb178b5096692bfc5feea3ac2f81bfec3a18610f108cf8bca1c465a9fd685285dfb9d3df08aa07a06446aee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2188_ADZBTAQVWUBNEIXH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e32fbbcf-f586-475e-9bfe-c2a395d2a069.tmp

MD5 8b7ef162c1f0d21fdb9e8781dd067e62
SHA1 2306918f45b4e3e17774dc4a553fe9e232919f7b
SHA256 3f9156d01f43db573d2ded697b4812257060c056083e8f16591b33828900349d
SHA512 1d5a2ab3092217b1f8cf783056323d5d4b39bc2be9d0784cd157d877c2b9f1a65feec565f36b380b2997715fbc69e5fb163b36d62c016b286a1426695e86cb11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0a4b4b2e-7b02-49a4-8786-2169229a6dd3.tmp

MD5 1bc3a70e5d05b1f577f6edf20d79e0d8
SHA1 3db62eabcf1d9e29e524e8174914c8d369254385
SHA256 9b990a77fd46c0beaf78e13048470f78740e208eb1b2b15d630d306c85a36b11
SHA512 e235cbf34a89395dfcb2de894e4668995c92cdae8a4e9892224620c0f40a6bfb016b613b3899bf29c0a0f4d356f03e3f6c7a842ff40f5dbc4d873200149817e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\pending_pings\dff071e4-c3a5-4878-b13b-beab03b61d3d

MD5 8bdc22ca0a58e35cb1a4d706c9e26589
SHA1 7403bd3f0c68caa0cbfd76d8e1f88c57f255af5e
SHA256 51abaaff291c56343c40866381b7c5ef8536301339a6cb6f84082b1d23cde17d
SHA512 fde5ecc242db60e00a2c8cbc3140caea481b114ffcf3dc463e7e61691fc62abb7688a46b2d57463d2f04cfa7f63ceb87a5afe146a8057644a46044ee951c6ea0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\pending_pings\836b4c06-8371-4901-8782-d97dc27a6278

MD5 4b7c038ab14208721b193d8309187ab9
SHA1 2871090814c66d9393285690c887ebe911656e25
SHA256 482a016efd47e465d57d6b90489488a9cf88f7b7ecc32e9c7a8bbdcc0d99399f
SHA512 0049e2604bc4c7b50287840891a93a85d333155d8854d9ddde840ae56b58a3d474acb042e0736bdb768c913075cd755a5d50832ce203e71eaa4e16e18c590eca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\datareporting\glean\db\data.safe.bin

MD5 c68ed8c0f30aab0c2c6d0a4e317e2bfa
SHA1 5f6da6881edd7ea46126ecb7288cd9095e8b689b
SHA256 d990d0ae6ae86554ca8bf29ea2ebc6007fd1a21a353a80db2c3998beb33571a8
SHA512 8717dfa08f3a925bb47c4696ee91285b14101d0d2e92a108755ecd55ef9c4a201d49661b23944a9ad253fd9b89759739e9470f137bba18c4d6d2734200813c45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6bc11c760679a04a8e63abee3e09ff8e
SHA1 2455f1176b7167374f98daac4d08a2d4995f1c66
SHA256 baf1a6ef580161c4df2bfa5d7b5709270d0a00c387596326eb990ca6a5dbd2dc
SHA512 c0ece5ed32a1870762ba81d66e618c54b1ecff53f1196756de9b11e3d536f77c6e05c8240a7ab25aba23be08034f287fdc7cdead1e4d7b2145fb8c942e5423be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs.js

MD5 549c9eb529f156afa2f6721262d52ecd
SHA1 7e9cfb93aebf18d7e1f5f6ee616a7c9869839045
SHA256 c482ff6a0a340215ff4b5bb5c8b41b0e025944e8fd5e6c2dd0fa68e1b58f9303
SHA512 d517857d0d0733288bb1116b7beb5169c8d64d447dbdf70b0cc7fcff0a9006fb8b981cf9bb62d18795b30138f26514e190169805c53d35a38ede666bf94e5b3f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs-1.js

MD5 1e50e52eb9c887962e2c2e0a50427ca1
SHA1 fc6f4b346ec26792133a87c9d3dd08f2157c84f5
SHA256 bb021501e5ff60921f469e2d733be3add0f6e03e8fda899ba50a025370bb2b78
SHA512 690fb39ca06abed8164fcdb30f470c10a33b40cefe7582574432e22e2889e120667329ed4b4308b1880bd7635ee5eb80ce40edd5de82eb2b063edbd706051c5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 02db6eb61117ae5083669f5c2161fd26
SHA1 00dcb731a70ffaed93d991022d538ed1d3bc1c4b
SHA256 ab3bde773ff2a6f64cabbafd013d2d3f32eac718f2b487572654dda7f7af4e7d
SHA512 97fd82b3332d26b9999b25b05b25de61630d951ca29bc91f8f289c23fab24aa1f3a05ca3541ca64dad2f43b86c4f3109e2c6849c749fcefa3b66b4f0b5786f76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 78a7bf137f312074aa8a9a613f627f52
SHA1 7a3c4afeeae80183983f01fd64c1ed988b7aa2c5
SHA256 868bb91532d15e2ce919cead0c1a29cc18a62d54d114b61ae58fa269fb512853
SHA512 9025412efb48c72520ce5e30371d8ee699267ca336690a175333d4ee131605a3689e7a84cb623a251ef8bbc7ede5da8c1375de35bf7e7170c7a39e400a46e033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76cb3b.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 de96b0c72e0ad01f34fbe2e3ecd40065
SHA1 0cc8422351b0bbf5c2104ba03aad0bcf63e65f50
SHA256 56b7539be33c89c92dca62717e3a7e133013acb0f0cf56012824bb03c8e700fe
SHA512 4ffb4a2b2f9e40b94d0ee1c908ee40dac99aa3bf4d70bcf669c6a734d2d8eba70e2509d90c3fe1a22cdf068de83f75722be847ab23da1d21b09c774fcbf12702

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\90\{85920e7b-582b-4dc6-8dea-372f9458075a}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\idb\1636518998yCt7-%iCt7-%r9ebsap0o.sqlite

MD5 9d58cc2955913887983ce59177a967ca
SHA1 53e5e2f1dad1b3e0741ff480b8a62926d53a3bb0
SHA256 b4ebcb3507f1ad8c7de65f8108332edd710d09cc2d1a466731b6b297bb5d18f9
SHA512 1883060cbc764213c53c247a2b5545e95baac986a9076a958f2de58f1a24fd730e2015a40eba0abedd9badd3e7051ce1906c437af07d83139173cc9e0569ce57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a7adcf3d17195ff78cae833cf4a30903
SHA1 9e2cfcd351caac8c8dc8a96c3bf9d759f81c4820
SHA256 b9f4f19d9490aad05d7a3caa350cd3f144328b571b090759ef3795607d1dd914
SHA512 151f9011461690ff9480464ce01f323f52c2531c5d1da4a4e6b19b17372e219fce7dce609e61d47bd195bc0a31dbbb0a7db51be75d68571a41589dc3940cb818

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc8ca20e86ef8a2894e2a17b0430cb44
SHA1 bca026ba622368393ed58538f9876cb88abf6e98
SHA256 b67a1d65c40eba313e9f5fbfe48964db9af615ea712c249426d99c9cf6b18d08
SHA512 664fbaaaf72cf1482ffb98f3158af0754f198e6f375dfb31f197a2755a1dc0da9c4fa9629a9adc62957bcee36105e9f82cb626e2d006c3148ade9c41a9c5b587

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\94\{88f32454-503d-47b8-b261-ea6e663ab75e}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\132\{1c958510-47b9-4174-9536-7343b8f8ec84}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\default\https+++www.youtube.com\cache\morgue\246\{f901f53a-0191-4382-8a3a-6409fc5f70f6}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs.js

MD5 615ba14ecbd148674bd30c95795b42cf
SHA1 d291e7a3e258c6a24305a6095ad5e9710af6a0ab
SHA256 9fcac125ef8be2adaffcdd0a1cee5f593db9a27a842422ce4e0fe4497e216475
SHA512 d915d58cefdc41bb204e9ccfbb4733c2987a44605da2900dda0df8186df5ab342dbd81fa2dbdd728b18862430cfa971c887e9c941a61ee2780d295e6d53be6f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2be12fb14b42a6491471a033afa70d40
SHA1 530d4ff1bc6d1baa09597dfe1f5d862674ef741a
SHA256 2ee26f26c60a1d6bf67b43b9d66d1c5844f5774c997bc26415d2ce746b91ad10
SHA512 b9e43659c3c613cd0a4fdc099da2a1b27e2d0b842bba4d4549fc54dfc863f7a1be5c34726676851f1b7584487c43458d8d77479917f51b473825b0031cb32dea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 db665be519d1ba7a7978461b7c12e6b7
SHA1 c42986ebdd2546898af691eed6aa42e08ad1fdda
SHA256 2713f6e480bd6ab4a13cc800ae629e8d42ad3d88a76d8480d8ae77fbed91d2b8
SHA512 8fe9d76ab4a66c22099877ac1f2e9c3bd5dabe622323b2a4e5c84b1ebcbf3a390962a2f8fdca51a8fa1033222a46a113c93d8607744712e9bba618654ed84c69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 842d816e8b7e0ede5d0e3a154b544f7a
SHA1 56f5d676f082f2f36aeebdbbc66c6eb6d4aa706a
SHA256 ba06c7b46a0ec0babd03a4e3f2efd1b905b9efceddcd678cf7eee56bdde018a0
SHA512 df5e919848f107d1fd2cc68cba76f031bc948f09e58c7ba65635a820856b9002b2ae5af8a453e7304deea402c7c3883d1f4f0ab36f081dc1b7152f4da63fcc9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d42df4206b1f3943af8879673e6a2301
SHA1 72a82ab3c8c1f0aa04f040bbe61823c3a08fc01a
SHA256 11d0b3541c232243dc81d457ccbf4ad1c9b082ddb46f3cb6cbf7b055e2247d75
SHA512 1fe286bd475752c5bf8cd4eab8a01ecf7401fded0bc9b48bcd1680a3ddd25b624f89a93437490408bf871ec9517c6515bd17cf7d51b1098f3ee84067485a1c4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4ecde7b0d21e05f74cc5c33d37e288b4
SHA1 1490a0f9328fc25db834e22c08918ab4ec645780
SHA256 df2172684069322010b7725feea000fc64f3ef940f513600b7352249884463d8
SHA512 088d891cc9087ad9e7b1b574a1e1d97c6642c057a92fb2252b6712581c5cf1bb92df959c79a96431f8d782bfc9a399cf1b5501b640ee72d8779a1793acc503d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 030bdca22b68821fee983d7b007f047e
SHA1 e65998bfc52fa0870d7c0de5463e8691a202615b
SHA256 4def24394b0358b8a8392a72e78778a0d6c0d2c932d48661d63626a8c20d3cca
SHA512 7f82fd45c47a836cf5d25eb369525568b5b3ee6d2a35e5b687ef26b9de6689d0a345c7b0eabf0f5ff2d198e1de1792d3b80978ca46aa351379bb3f2f679f67c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ac66644d4435945e0761f7f9e5444d4
SHA1 a9da3763a8ce2d785ed8fc9fa2951aa8f6d0f0c4
SHA256 bdc5a1dc2afa9be6b6ac6be27467251b59975a3389718e8339ca2af156acf7a1
SHA512 1b12f7e6d0c52b1c7a86a0b933cd870ec567bf5182af59a1304bbac5cb4b07cc48c650e02c782cbc9ef76f5441c76f3f552e7c8ec42683d59dc73385a59d718c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19e1ba6039f61c8283b69b2da6ffd777
SHA1 968d7dd2b8f585a8408f5ed56bce0507a21a22d2
SHA256 c32237c3d94423a378a06448af4dab05c50030bf43c0473f3e8c669319ebc437
SHA512 06fe5f4cda04c92fa2eed3d110391306270d8d0fea3dfe36646840340e1748c33680ad0598b4d6d99ed474aa8ca5918b895f017d79a142968db79cba5a2d4262

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5b125344a618b0060d5bb74674f6738
SHA1 b526ce06c09e0694a7d6d82e13ef7bf8859bd5bd
SHA256 e570635c48ed903d15acce0f0ab4afc63c4f7dde0ac03124c6fb359e5bb0b9e8
SHA512 2394847b170aa8a0da29aa3cd7907eda1c3bd6ad80b6e6b2df07b626e93399632334fd4b835dc6cb6917466b3e2d1caea0589d887f0de73d2d3a4e992f39eb64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 43b920cfd2cb7dea7296839fe62ca869
SHA1 de1f52cc7111abc86d71a3c080b0ec2c22b0eda5
SHA256 3b614310597bd10fe8cfbf61c2d38fdc07d51ffeeab3a2d10ddcfabe43f3b3ae
SHA512 28627ca54cd5cf3b3b478d6c02a4c0a3431de496f6e886b9c829ebd7683b08564cc85cd21e9d6466b3a266841d275c42e6e861e2ef72b0fc02a117e218e8d795

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f107b44d593a9079ff5ac42349d765b
SHA1 a5d940709f74842cb25a364577f8a1e64e9408f4
SHA256 62c5be90cb5548c352825ebaa9d26134579add8aec70a0716007c8f833664c7a
SHA512 efb40ab0635de369da8cab49caa8e1aa80572e0a6cff96fc92057edc6eb52389ca84d06b868a33a7cb527732c98e0a236ebc2d21773028a8d1487db8224e1b18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd72113f0be5872d09ad20b85006ec5a
SHA1 f47c71c5d1ecf4cb9f3918f8f4d1a801d6aa73b7
SHA256 ac97ad4aeaf4138985bedd9e8ba32cb39d1dd19fa9f9f832415c120245b4bde1
SHA512 a9d2a0c7e090297d0e28ef5ec78b27dec67c30791942ea28fe039d601599c04159650f26db0acc49390e25088467bc195b392fbf25b447019df6d25343804b5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c7402bd9ed6c6a32cea95ffe398ae79
SHA1 4b0a94b03ea189f3c7608fcc78b443049cbdb6b5
SHA256 b6b09a7ca86010336a892f3645e97b81f64601493deaccc6f7e32637e9753500
SHA512 8d9cdff087ae62168a80d761579c53c4f1895174ccd07acf55da5c20a755890b1b0c78973b79a78ee034b9862096cde27de3d5bc03e37b0dc99434e42f812526

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2853ee3092707e7dfd4e35300a71a07e
SHA1 9bcb4792918612246baca085542056f582763fdb
SHA256 8dfc6cb228a63df95302881e55b1ecf679c060b3ba93f7b4184061e06721c3ac
SHA512 8389d8ac463f7fb52cca61b0fb3ce6ee7ee6e4b9c66d7eae372676126cd1b9326583e35e59ca4b0cc72be572d265f900aa463f498b595f52e73ec1de873d1f53

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\prefs-1.js

MD5 0ba1d44898d3846f2f86d3fd1f032592
SHA1 297ed22eba5ef9dc0f5e9d411e79813c2a067987
SHA256 0b5056132fe91600c1d8dcfd8394ef093d410a93d4e79a239d0afe7039e0e649
SHA512 19d7b4dc0d5ac6aefd75a683ab832cdaa9722d1dcd4f868b84fe03a5c999ac99a73c429b0657c1b4b4dc3a1175d88840e33d4e730893254cc38057f161ff1f3e

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6793407078182d12e3fa07df35ca16cc
SHA1 fb4273b00480554e143b50a6a071dbda332fdf41
SHA256 41bca943f4e6687d80aa9dc2433ac2851df14a92992a736b673cc03aa53bfc2e
SHA512 3cc8fcbe77163628c05b2b6342ab0134b501fd4dd4fd2016194a55eb31afda82caa6b60b2f7ce5db0ca1e6a8073bbbea85a193c87dd75b3573280d48ef080ec3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xm25i6ct.default-release\sessionstore-backups\recovery.jsonlz4

MD5 253aba3f85ecaff284c10edd27a5ea54
SHA1 df93262caee3a25f3d2825dccc606610088aefde
SHA256 31d43791537c4e8b7dcca60fe3e79e7ca0dda9b41a5b0d2594f515a02b27bdba
SHA512 b2d4f4665c474a8f18ef744bafa590e753e9208b9fa00153c4f67a308d4207acd41f3d010625aee4922f7c9063bd472c5886c4cfb8c9ab280c041065fcb27960

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78441e197e33f4fd3cd70590b7562586
SHA1 f05b4e74fb8d5760eddb02420a78068188dccddb
SHA256 47c44658e6fc88c689355caad6774e279dfa540470d8172e85a3a2f381d3fe6e
SHA512 97d78d3f215fc57fb024c455197740ff8cd477749ac21e06be50dbd0bc249d8483862ffb9131d1e54b9f9193d102c1390d52a4b689ede97e6003570c73697b62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\35ae14a9-8f35-486b-afd2-ef6404d88ad8.tmp

MD5 ff2e06d08a8147f3e8cae6eeb2694ec2
SHA1 b5cf3fe294ed7c6d4189334f53fcfef43ec03aa1
SHA256 ef65a74fa0ac4ac83ccb1baf4f39cf82e73588b3bcef63cba2d68d0922bb429e
SHA512 ed4c371dde8d175cedaec7f0a3e6555d9af5ded1ceb5c2bdf4f692a4794ac3bba42ab5f00d9cb0ced07dd2341e2b3fd59009254ab277fe0e3da5a1b0563e3775

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a6af40b60dc64d35f18eeef3f8b7968
SHA1 fe69e3fd33ba57aab00de879a14dbe8d11f5b647
SHA256 e7351d63ac439679429efd75ed0ef32a3dd19ed107fa4182dee2d5d2b29177fb
SHA512 e4e0b3b594b4043a21605d7140bf81949e820b5448fc52ea5fa901501b4b4b711183fe402d51a4afc11541e0328552b2bb10f4b675c3d75cfa5ba7ce86549620

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 14:56

Reported

2024-02-06 14:59

Platform

win10v2004-20231215-en

Max time kernel

152s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{0774C63F-0391-49CF-849D-64E07CFFCBF4} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4740 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 880 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 880 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2468 wrote to memory of 3264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2468 wrote to memory of 3264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4952 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4952 wrote to memory of 1924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2076 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2076 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4740 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1120 wrote to memory of 2220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1120 wrote to memory of 2220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1556 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1556 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2248 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2248 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4740 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1512 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4740 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4740 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4172 wrote to memory of 1844 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4740 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4740 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff970cf46f8,0x7ff970cf4708,0x7ff970cf4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff961e49758,0x7ff961e49768,0x7ff961e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff961e49758,0x7ff961e49768,0x7ff961e49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff961e49758,0x7ff961e49768,0x7ff961e49778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9868030128619911911,12821072691756692875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9868030128619911911,12821072691756692875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11065795828625804174,9627734038812784653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11065795828625804174,9627734038812784653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.0.1887855703\386133774" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9704e6b-5cab-4a2b-8de8-9699d8a62a75} 688 "\\.\pipe\gecko-crash-server-pipe.688" 1948 10e144edb58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,2797741906628901418,4880600258179268526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,7071822791140755934,9741657670116428243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10291139627786077389,534877380351866381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,10291139627786077389,534877380351866381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.1.616054136\1855620004" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2384 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f7c6c9-44d2-486d-b034-c424745d507c} 688 "\\.\pipe\gecko-crash-server-pipe.688" 2420 10e13fe4d58 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.2.825748501\174411381" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3060 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e267e9fb-50e1-4df1-8107-6f9c47d32cf2} 688 "\\.\pipe\gecko-crash-server-pipe.688" 3036 10e17d4be58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4004 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1996,i,15899218743798162372,11807753264775813544,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1996,i,15899218743798162372,11807753264775813544,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3764 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1992,i,8133819178931651775,6232278710661183348,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1992,i,8133819178931651775,6232278710661183348,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4500 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.3.1111232282\500102158" -childID 2 -isForBrowser -prefsHandle 2880 -prefMapHandle 3480 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2b8f953-52dc-42a9-b51b-99d561d95320} 688 "\\.\pipe\gecko-crash-server-pipe.688" 3028 10e14468558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.4.1257177830\2033061291" -childID 3 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbc7f851-d095-46ff-8e7a-29a091f23cd0} 688 "\\.\pipe\gecko-crash-server-pipe.688" 3920 10e07868458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.5.1894396533\10477666" -childID 4 -isForBrowser -prefsHandle 4608 -prefMapHandle 4104 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b394cd37-fd74-4f0e-9e4b-494e86f7a060} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4620 10e197a2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.6.2061953645\50850599" -childID 5 -isForBrowser -prefsHandle 4784 -prefMapHandle 4788 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee4bd92f-4c52-471d-aa18-5a8c8058e434} 688 "\\.\pipe\gecko-crash-server-pipe.688" 5216 10e191f8958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.7.1160429243\349499882" -parentBuildID 20221007134813 -prefsHandle 5828 -prefMapHandle 3212 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa117df-2f9c-42c7-8b57-60f42a063a24} 688 "\\.\pipe\gecko-crash-server-pipe.688" 5836 10e197a4358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.8.1208287124\1319941840" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5836 -prefMapHandle 5848 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b42f4d6-348c-40a3-8a78-8204996232c7} 688 "\\.\pipe\gecko-crash-server-pipe.688" 5952 10e07867e58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.9.1485758604\1159287357" -childID 6 -isForBrowser -prefsHandle 6112 -prefMapHandle 3492 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a6154ff-8585-43c4-9155-bef06053cdd1} 688 "\\.\pipe\gecko-crash-server-pipe.688" 6152 10e1a478e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5464 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.12.1305446732\2100413856" -childID 9 -isForBrowser -prefsHandle 6496 -prefMapHandle 4804 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a171821-983c-49ff-81fb-57ef92a634fb} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4604 10e16603b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.11.1054855657\771440366" -childID 8 -isForBrowser -prefsHandle 1712 -prefMapHandle 1844 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a05039a-2573-4ebb-a0eb-690044cc859f} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4804 10e1538d158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.10.1698309611\77635861" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85579163-8b0b-4f01-bf9a-526e7f33cfae} 688 "\\.\pipe\gecko-crash-server-pipe.688" 2576 10e07865658 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5468673611851342507,8362439077325034921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4120 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 --field-trial-handle=1888,i,18236801369099785453,3875149243650812686,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 150.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 35.196.240.157.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
FR 157.240.196.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 35.195.240.157.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
FR 157.240.195.35:443 www.facebook.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 172.217.16.238:443 www3.l.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
FR 157.240.196.35:443 www.facebook.com tcp
FR 157.240.196.35:443 www.facebook.com udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.173.125.74.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:58396 tcp
US 8.8.8.8:53 rr2---sn-hgn7rn7r.googlevideo.com udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 231.130.217.172.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:54220 tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 16.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.200.3:443 beacons.gvt2.com tcp
GB 142.250.200.3:443 beacons.gvt2.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b120b8eb29ba345cb6b9dc955049a7fc
SHA1 aa73c79bff8f6826fe88f535b9f572dcfa8d62b1
SHA256 2eecf596d7c3d76183fc34c506e16da3575edfa398da67fa5d26c2dc4e6bcded
SHA512 c094f0fae696135d98934144d691cee8a4f76c987da6b5abdb2d6b14e0fc2cfcf9142c67c6a76fb09c889db34e608d58f510c844c0e16d753aea0249cfc14bbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d5564ccbd62bac229941d2812fc4bfba
SHA1 0483f8496225a0f2ca0d2151fab40e8f4f61ab6d
SHA256 d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921
SHA512 300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 11e5b848083ca1c7c3b0b6e38065d219
SHA1 8c080b8fccac5b53c800ca9f28557998832ef7d9
SHA256 2602060f155395b394b10929bef56a70f94a85c94cfcb0a219fd4a5471a08b4f
SHA512 b76a646a090a90bf0146620b8fe90e0c77c567c2e2c6e35ad2bc146acbae9324e82afabe6cd2e42cfe267ce49d7bf92fd5022244b220083bd6a5b8c9e37c47d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\LOCAL\crashpad_880_AHQVTGWMKYTCTPIO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 91dfd6f503a030a1bf3afcd9a1026677
SHA1 46df3ddd096fd98caa3736b6c0421c967db5ed6c
SHA256 f3029561ac647dc4ee4122d079bb5b966f8bd362992dd82186a15782e0af800e
SHA512 2e41160f3d0d5ae4879ae18367d8494d9459bcd375dc6df25143e3dd2d9e7e10827a29a32f7bbde0ba699ccfded93916777642f8daac0f85948b4665943a78d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e111b7ad582860cd88eaa6723df5abe1
SHA1 179decde1959db935e91e2f6c6098161cc7bdf6d
SHA256 c583860a197aa51c266bfc95da05298eb00a01a5b672785ab5cc98c0ebd032a0
SHA512 dc2dcc5be3a32332a7a08c9fe5b89611befe092e6e7352ccf35752e4fb7808aa18e75020fc6ae707fe3aef6eabfccb9c2d2360408ba78eea43bd1671180198b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\77b24798-0bdf-4100-a249-2eba64ef7073.tmp

MD5 6b3c9715ca183737014793a5b74980f1
SHA1 40e64bf527c8f467ecd21e8fed8aec21396326f6
SHA256 6694d0a368981adb95c3f8984a95b2dbf41f9e45e0cdd41efa434fee0b968dc9
SHA512 593c63b2bf50dfe25d315c8657214e96eb49b30948c2d641efb172c092a7529cea2d4107a874908cfbf723f19d1cc429efb9b16393be80e2ec7de814f64644c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c71ef36d48a6893507395990ffcd569
SHA1 528de66eb28b8250fb3945f107738fdeec4c1963
SHA256 c718f40e61a24f2ebb9e8d8aa98d404f1014b9a6f34465af735553e2145a9c05
SHA512 63b720bda409face728ee85b1a78db7f2495b007899cc1a3a366f6c4fe6a378800ba517fe6c044e13a78cd410d004bbe18b89ca0f21d84313c7e3686a907a731

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87d001fe57d64bf975ca0f93c4a8ffad
SHA1 59d864e3604c8da2deed727424c1ba931f83c34d
SHA256 141f5a686ae67d9e43c12487efb71bcf31cf507d002d206ffc00752f507cc85a
SHA512 321c959a174c27be78f1dcf467ba5cb251ca4ed82153e6a55289501350792ceb191daf20f936e4eab9972eec1dd9bfa40b36e2da104206809cf024c107f0fe21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4144475431473d9b1df255fb2e1fa003
SHA1 be3d85cfc19016d931556cd68a99269f92396740
SHA256 149559ac1d4f93f6c3f33aab9001208ff8da7174a54c8f926ecbd0c0ac47eb79
SHA512 cc2b5d07f8fe0a6d567b9e725e0b26296192957bba5581059acad7867fbdcc02b0ab90b088a59b43a29982e0a135fcf3d635f7aec3029d2f45448e72fd8431d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fc8d5b7081b978c0e79f0c5feafb23d8
SHA1 5fce2a6d1ce16ccd0b5d25c51b930bd611c48f8c
SHA256 0f76bb11913b77998db2e1f44ed75a7a283df201dc732a718605d296c6f4c2de
SHA512 d5fd838d9239bf2658c870252017302cab99d197eab1589d3c27f11848a89ddfea5ece6a612cbce33d940b84346bc25e0177f4c3f74197f7d92c3ec4d9312bca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3fb82681502b542544731f08b62950e
SHA1 57fb76d445d5a5bcec271b893eace3b96e280e3d
SHA256 1a230125cac3a7d9fa1667a7d410bd60a0aa42b4352854246426fc6a48ec2f75
SHA512 d814c5081ecac9369a75d7d473244b69b38c491e2efc83280b1b60e4e0a1b794b8ed3ab09808d1f8c69538d747fa9fba283daf7eb8df47cc446951ac35e7edc3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\pending_pings\95757e00-8295-4767-ab6a-306f863ff118

MD5 e2f0205ca72c3f5086448124fd8fbc62
SHA1 1a617b5c63b60eb08d7d440a168336b181efcac9
SHA256 3206437679a9d59edda2eeca813a2eaa9f8b6b2308d08e2c048646ac3c4eec6d
SHA512 cb229982a97ccd75474711adc9bf94599cd8f2914a841583408cee9003d8b58a6ecbacafa3e2f9a9285974da9c22a7dde746f606cf65c58f1f320e3cb1c9360b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\pending_pings\8bb9fbe5-5ebe-4836-bfd0-c4db878a0e5b

MD5 fbadec652b9c4668439285ed6894f473
SHA1 989aeadcb29a9f6c4257047a287abd18fc931db1
SHA256 0ce6db8e44ab8a004fd7c066762580584f6d067c49d42d1ff3bd7ffebcb305a3
SHA512 3e589cebf058d998c9ed2fed1b14447df6d3379b65bfcae627f4eda947abdd413d57a1aacdeaf8fc475bb819250270d79ed6737eb44698b83e5eaa5ecb15e10e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\db\data.safe.bin

MD5 50cf5ea41f68eed4b1a0c29a65aa4872
SHA1 6feb830cdcabbd3660b82a8f4e420e6b0e172cae
SHA256 5338203b5e6f5e3bb7d8e27e487197170f9af86493c9b41929875459c70da0d2
SHA512 31f1841ead2c90022ea7ba6c25fe324b2253dc930c24b68f5c91970dbacb53d1b97e1df1ba9742b46ed6fd72225259461e74650de0e66b3d94265357986f6876

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 be1ec6fd06ab36ca43543f94918e12b5
SHA1 f76cd5a00b52d4bde563978cc652999a9823d5fe
SHA256 268d58b764cfbb848651b5c22358f05046b517e5212c2830e2e2dc93f4841166
SHA512 89b6826d3c44ef2866fe0c979c68072b9fd18a71cdda4c2fa6ae8164bde569beb4b94828336f547a5a627f400dc3f3658a5bb18d547fffa1c554796c00c63e72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 5bb3fdab6d7f2e30870579da570e87f4
SHA1 9e153b9bcff492ef1285d250397b38534e1f63c7
SHA256 733500fb77dc2c398e5221ca3e11356c2a78f6946f99bbb0bd18acc34dfbe0f5
SHA512 c6be0200cccd3c98275e48f49e46544455eb22970e54631dba871f44594b9594e7d973525aeab04ec4458633bcfe1eb5a76da685b1ee175404033ec29bdd2a01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 31aada78006c1aeba1213f5777a019cb
SHA1 faf01ea60f39904d4d4fba3271740fbe1be562d2
SHA256 b676be1d81dc4d5f24ae9a6d7ed7964dc4b2257b063235f9412f34bee35b3d38
SHA512 ad61e9bbf572c78969676302a3bb1846d758e191f6ab9caea7d64d765c25c366534718b24e51c561caa34e9809f4a4981382d8cbd144925c903327858806a760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b8bc66210dd3eed3137442586dc1262c
SHA1 ad4116fa54810e9d303185d1e2313daa8177cfd4
SHA256 a091fc519c639b23575301623aefff48b1798ae5221e5e9d6f403e54545a176b
SHA512 b2c8cc0e80daadb5ddd424493bbb8a639c1eaf2ff2ba6722b8db7dcddd5fbdc1c58dafa9202b3db61b5c8013a3ea30df7c2f9fa6fac9e5499934560ad86c0db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fccebe4d441014fd8caee12894151699
SHA1 417983ea71df6efbf23860c7b943bed7a46c60a5
SHA256 55e93a4467fdad5a3c6df8ed0ebf96032baeb776911e36eeed59f716683871f6
SHA512 ea0de75ad5fa7c53a33aaea10d12744ef07c1d7c45ea9ce95a6d1108f44830376d62ac30133e1b5bd24bcfd4347060108a75c815a885ec0fce2e89ac5a32ac0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1d1c7c7f0b54eb8ba4177f9e91af9dce
SHA1 2b0f0ceb9a374fec8258679c2a039fbce4aff396
SHA256 555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18
SHA512 4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\prefs-1.js

MD5 215df42506df3db32d44dc89fdf65836
SHA1 5ba6f4820ab565c029edc07ed313d71d9ff01f9d
SHA256 a1675bcddf1fae4b22b26c2edfbd588f07076a1d86130cd233806b7a3a7b9bab
SHA512 ee450575acf6e9bac5053f8d0caf73f08d1fdc16569b9ff28a78a9b8638f0b29926a92833cf92be3cd319162b27ef46ca41ad11fa129e68ceb21cd8b51bf3628

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3af0290fe76b90ec45dc7fa6630736f6
SHA1 1737d45d4accd162e85e44eab2cd986d38fa31a4
SHA256 28a48568bb1ad1e8fee5db625dece1c06ed064497f37c88b640c41532ac2b678
SHA512 3dac6cce520e3c3d1e691c95669d2bada616eeb8283383f1b2c1a0296f18367bf3e8e17bf3a4e269f87a05469a09b321efad4e5cbd5fc81b90e52d61b6f457a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\storage\default\https+++www.youtube.com\cache\morgue\126\{62b3d15c-4f31-41b0-ac07-d0edf0f1237e}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\storage\default\https+++www.youtube.com\idb\2545189889yCt7-%iCt7-%r8e9s1p0o.sqlite

MD5 3501f9a513c592172623f1db6c1b09c0
SHA1 c217657bb5681cef2a942e5010072293c246355f
SHA256 23a482693475115275915813557d3f239b7984ad62bccf0f2d6a37f2c816a1d2
SHA512 c61f6bb0ec4d560ae7974b1f42e6ff39449a53c8b4744a4c5c7ee70b17873775ef72631a3b49e857774f17a0b931f4cf5bf7b51a8c93ff6da0728d57c8f8dd96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f1c804d653241837dece396ed6ea8d89
SHA1 7d44aa588873f4de609766a2847509465269898e
SHA256 3e68e2c743abbd073a569ab22aa67177ff706ca1dc89edd308fa80526b1ef531
SHA512 f9b43af7d673588483785a330925d7b6177810a8a80879e5e07f30b0ba35fb43bc0d5c9fa570bf4fbf45ed2c3629e2d5578feaa96364168c559f875385c75f76

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8af6c8d5bbbd3b871bceac15dab4b2af
SHA1 3c93a209970001d888a34d1fde438c55bb9503a2
SHA256 cfce648dca20fdffb296ce7e7ff96d11c355b347cb04dad0715f5dd2af450778
SHA512 d45fa12de375a770205bff1655f451aaf44a22a6ee8e6f1c8b45f28401e43e849b91813033826c85b92ac9c1061edf8c368e6b5d4e866596dd17f1d9ee478ce3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ebd0436f53a15a6f1f25e998254b8476
SHA1 eda98f36cb6108fee186ebf3f5e190f95b3e927e
SHA256 6092e011edbf20972a83301e16be15daec24ccd2b7e3978ea37b4b98dc4f9d63
SHA512 fa643ce7e45a81c7c672a817de11f8824b8d8061fec64e20056085e37f3124eba98e53e2a2e27240bd707a4c15de810259c727901d2fe0233f4fd03a536021d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 13b557fac5b38edafe500b6f38d8d381
SHA1 24e2fa42c9d2727a15667bd87b2121ea1a7e14d5
SHA256 08ac1a7327a1db87776aace18bef3ff1c3053fec213e0142b8bbf5fe7e8b1634
SHA512 e8c998e68030d70f3a54ebc24072cf9a14db9a8357f61820164be6c65a4d4aacadf81424dad586082844e5b29ecda792f4c51a552ebf7741c6f62f8ad615b87d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ebf38d6daa729d69dbb86988ee247d05
SHA1 382d7d1ed347061ad0b455225c82f11f57b3d006
SHA256 1e8f367b47d47ff98e161b8c6ecb70299267e5e679af5b73a248ae5604635956
SHA512 42c5c16fa93625b6307911d9b31762c785b9b5f5f350302b2058baac21a0844cc23e9b4406334e2499a68e6d2a51e7afcc2a430392700b2b7486c4720cbfbd0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 85b2f70f7cca6ac183b1c48cb0198d98
SHA1 b9c226a60c83280f96ac76c3fcbfcb7547fbacf8
SHA256 c8cdeeebc42c8dd3140e12b64b94f1606d9960af22b6feaf834f4eadf8e1ea33
SHA512 79cb317cad7739b3f23988e3f430f8f9ebb4fb42a1fbb3c8672a835fd343c5588e6f912c2831909a1bf0729ddb2c820deed51d7dca050c303975230664570b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581325.TMP

MD5 8dfd8534c8fa10ac635c0d4f87401626
SHA1 678758e33360ad50ffed3537bc9bd6295ca320d6
SHA256 304599c4853f71b9436a9e19271365299ee03f730c9c4b95b34a3d147772ce79
SHA512 8bc274d69175f47c63532fcdad975c4797568168736f8abf11e86cb8570c9bffbaa469506caa6dc693ed91f9901b1acf9d9f21e04869340558301269840db585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc1538173f61de29e9b722d970ec4d7d
SHA1 43f4b275195cb428e3333e24404ba0001b8ac938
SHA256 e9edd59c0f55ef54ff8dd0e524d64edc9ed882d6eb636028bc52d2b7e1072bba
SHA512 8c0d19463ae16ecab09d8231057699818baea30d1706e738ae78aef23b6d49f85a5fbc7e3ab8718a80ec350546d974d95c9eec7a955ab123a9c9a95c4b8517fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 2ba277bbbcc8715291613160a997cebd
SHA1 e64ee67165bbadd3b8bde989c3e5b1d2540cf09b
SHA256 00ffe000f78ae3c8c8d5557e3ab0089e29730ed10b2a190bd2b7a569812afd96
SHA512 c0f7840f181ad991c45ed1be0fcc0d90be100f8bbf36c54418ebe66f46d776652447eb5b7eaffbd2eb07c04455841d8e5d74f404eddf3c22daa34269d842435e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\prefs-1.js

MD5 270e8fe1edcb99672696ba4a917c4f84
SHA1 f87bb70c933bb8ebe47866f6957fb04fc78cee7b
SHA256 b9d79f1c9468bfaa06e6eadb72fc221f53f72156dbadd3d543bb9274ab9b33e4
SHA512 af23fb2b5a0ce90ea90a4ab9b26ca05a4b97bd27de13c63ccd94dc15d896e7f03845e02ea694dff0295e45b52c524910d5b5a2d8bcc984cb34be682783f2d32b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 b1375326603fe65cd42df7fed7ce5c45
SHA1 a7fc9a7c979e62a0bed17ae5e8da74738d3e25ba
SHA256 c9088547ff6883a0646b7ca0c27b0696524be01431ce0059c4ebe765d48dae06
SHA512 1a381b6193bd8380bdb81934bb0b5f75a514c5fb878ab70dd1f7ff5c5be397298d0ca4cbe1c65ca245074ee2052322f89487807b9f73f780851f3a074f74ced3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 d8e56edd91e6a8e254c9df3c3619f493
SHA1 e5bb299b458c95e5575da0a42ff7b49969b880b4
SHA256 8b598d7196aef8cb9eacf393e5b2520f5387f125552e1fefb6f373be30f64e97
SHA512 46d3bb6eeba235ed9e2621cf6bf89c10c78fbbee1bec31d59347532d9d242de4bb533911d0981d3c1af85a1d51226ca694ccbcef178adda1fb71e9634820027b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 57ae6558fd495a4c05692113c7315b1e
SHA1 edcf35929545ae68664779e0254b67e720e1a0b3
SHA256 fc01d1f63650df9b53e5ed7f8ad20f8ca46a194533f72ab431ce862d1f310b63
SHA512 51fe9f8eee096ecaec21a1b1ccc72ddefa178627cf8809daf12713c70edc075bd1b03f277a505b2357076a278afd11a4f853132d8fbae53361a36438fd8951f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6a72e550a3762f737e6e1d1f7fefc7b
SHA1 9683c33b83cd74300be04bed3da071905c3b1fea
SHA256 1ae916f6432986731ac7a7e70950974e2f9ce7255f910d45e0cd554ae7346222
SHA512 f90a4528d5da51f834778d9365036d62219d7f9cdf368b95e8455535389bd16386036ba04bf3b04455d31587f1ac30ca4b0b811decc09bba84a1b038cfab7337

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 621714e5257f6d356c5926b13b8c2018
SHA1 95fbe9dcf1ae01e969d3178e2efd6df377f5f455
SHA256 b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800
SHA512 b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2248_1892693345\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 01ef159c14690afd71c42942a75d5b2d
SHA1 a38b58196f3e8c111065deb17420a06b8ff8e70f
SHA256 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b
SHA512 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2248_1137425479\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2248_1137425479\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a68639639980f7b55925792bb2c6784
SHA1 9fab2cbb8892acd5debc78cab0f919dc4f6ddfe3
SHA256 de871c075c413c560dd78622689e2ade4276193d2a5c6c6e69c3dbb67168f324
SHA512 c29922f0bfa0233da01b26ae5e851732dfcd4d969355745affe41014c66c4cd4ae6157984611469e9bdb53df630acc1373962f4afd1ecb38f446cc450697f92e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 846ab642783b32e3a4ccf277b96d1042
SHA1 39babf0e228ca2adaea8f9546235a511a1540554
SHA256 b4c42f91853c865bcdfa5e286047b16ac7497af181c8eadbf345eb1a24fcd6aa
SHA512 5efb0a090face6063101c36ace492b706ab33862de3fd4d0ca02b8d8c1f28f543c33ea1334ca199bd4b7aecb4cd788e70b5c919f40d59641bbc2b426d8a25c47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3ef19010d057f0c1eb897d78b6c7182c
SHA1 44f55ef87f562c4e4d7f4c26a286953f8e48b0e8
SHA256 66d404484d5fddd5ffbbb67a97587dd67e4c0d78b0693e632f0fb6a6cde8bcae
SHA512 e6ae8505e3cd8dad5f09563846b9475144b763fafd716b2e53110874536c7f185cefd965d913346cca7b3125f44a2eec685fa7cad7ff7462b51f00432be5fa97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de583aefd4417025f6a703b385b04bf3
SHA1 baf1ba22aed9bcdfdebcf785eadafb26e2b5ae5f
SHA256 09e0c4d0a2002779e430c74533c0c8b83785c2fa1109030072d843f4dd203966
SHA512 d8b2e3de1e72dca4a6f7e6fcd0b45b1f3f16a9db0204ed9ed5d203d386c1d904549fb05ce4ce19e3389a7e85288e0d6ded8d38f82deae5b42a5de715694d21b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0dd0c3b5d9bf04b539b96a5ae5047e81
SHA1 2086eb51edb11bd79b1ae115c87eb518fa41a923
SHA256 9f53d6b33a19d12e78d886cc5e8d67a6d94285c6935770ac944fb50f936da430
SHA512 c6098ade3ec5f077f1455223872a5afdc485ce6db42d6539b896d6ce71e740e854a5b8394023168eb657634d022eb037aaaf63d05f8f1e5f95405ab28f8f5427

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3b01fe2ff37c1112480c745ca53fd92b
SHA1 0d45afe225f5f099ea3e82982023103ca56d31a7
SHA256 b5c97973af9619ac501b6a59e9e04e3ce664b34ddbfc7333caf687009760b6d9
SHA512 c5894a9b6261f087aef0b985de1f82d1c26590873cc14e43b11a144ef3666c049c744d7e901d3f0506a833d7e27ed031a495a10f561b396d06b96bef9a8df21a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 703f483531b8111217337e3f539cc91d
SHA1 5af2c38cd7da58aad63f1ca2a21c562be3344830
SHA256 b24ad43b11de69ea49f2f9deda9a878ba84abddf26749f4eb3c966f4280aa6f9
SHA512 c858ad16b77ae4dfb18cfe1a74317e167b5639d8a4794a65c1d02b3e2ef8d27e3dd33225e5692091442ca9fd9c8705dbb31c4b21b5c0803f6f2f0f13fa7fb340

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74314eaa120ef7ab484534cbdf541c26
SHA1 9aa82f5307c59c5a559fde9e384f4ecb8a341343
SHA256 618f5a8c09c65bfa45c489330b35f303ce32ee1e2d23730695b04c2d8cbd4c56
SHA512 671752e16e3d2471542c59acb0064009b5b59890fc71835a1b350a575b852566923378ab0a6cc9d09c33de9aa2f127ea3ff26fcb5de15cf68257dfa2361a9036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 44633b1ee3b5e0b791a9ec4caf298857
SHA1 8e055148c7c281b0d2bc4b45d0f224e92fdcb9cc
SHA256 cc77751a7c42ecc60591384ee2b2f6c64e627cb46b77ad33311302c383595eee
SHA512 ffb5a99e63e1e7d6259c5bf7bb90e0d89bf73a09d4084634d548b5d4a09ff087dcb006d6fd0649888a83099cd1b68ebdd2a0bef726ab663b40d6682fd084ce2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587af7.TMP

MD5 ccc0fdca90a4e2e4d0f7a666ce356c15
SHA1 38d36c9a800fa50e54bc4db59fdba6bb66ecbf39
SHA256 c35f42e63f2673a8aabd0ece26bd48d6f282fcfef628e65574b9e9f94391ab49
SHA512 0c2eac463d372f51252115920d2e4e04872da691a1ac51fa868cd2a86e160e5881592318866a978c1933fb61e91ea664fbe0ea04f59c94c07c542d007f18bc29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d94b57bb61e6f3d91185fedd3b0068bf
SHA1 940693a701e30922dc3eed564a5950c149f14776
SHA256 25171bcf82448e8aea88c6518680f1368439cc110e3bede5072023885f0a23d5
SHA512 df6e16aac283c21b310b3777e81bd7724bce5cc2d1b736e13309d959ccf36c951ac404f3db9a84ee67d7019fe9001b2487962c174503d71982c0d9059be11c93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4949d770f4017d37f583e38d4ef1cb23
SHA1 81a0bc13052b4d96ebf676c0ec7a9de50f9f6cec
SHA256 ad91bf16699b2c585c92ffb29829d04318c295393bd76e004d0e0fb293daf9d5
SHA512 2db8fa43ff1704d3f30c163508e07f4303e799c7812281486b844aec8fb7289d2a6d312937e1d7f0b6d0edc694fc603bc752ff5c53228656e690c27e3cbf9e61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4eaf3d0dc2a91f86abcbb89e4cc68d24
SHA1 7a4ca32c101d5c5d4d6ec7f9d01c32fd442acc54
SHA256 203716d77465724e2c618716702bee4d5f6491851649500e645f02a401401ee8
SHA512 ea4bb5fbf6f2a137dcebdf65f585335f7b7e2266e77716461be6b8326e78ba71e804d32913fb92def89529535b6a9d29aeaa0f9bb17dfb1679f575d2ebbefbe7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a8465bdaecd18e6563605e1914aad941
SHA1 48ba094a03899aac4e9b03a4565444c64156933c
SHA256 2ec1abd55ba32b2fbdba53c1b75ab963c689f34f54c83b3aa4ac329249a99717
SHA512 150709faa8478253b0866ea7c351e30424b629a1c381e9916a449acb7d3588906f04f82f644a03b622d4c30fc0b6c662f65354bed107069402bb9d533e8e9eec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d20ec4d856c02814527c007d8e385d14
SHA1 85db26f03bf518846a7cf58ede386792b9ab8e1e
SHA256 c12e195f707f41b1ddd2772e43eb2e8e53566881b776118cdf69af3824dd1de9
SHA512 37ebca694fcadd5fd3623c3f852d78f214134796f4599b32ab6ac7cabf6abe47288341bc7bb7b123109dd2e6c9328b9c7645d4df4c1daadb457c44048cecc051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bddc.TMP

MD5 40c2bf1c706acf4c8e70376efae59890
SHA1 6f5db8f3cd2f3b5fc7c0a592be1e78d9dcdf6a15
SHA256 34006d27bb068c9d5d653f8ffd8fdacf034b85c438c3cbfa6f6a4f9e8656342f
SHA512 eecd53a46cfcd4e2a0ec5499b6c9d0ac932e1444cf0d62f7d4d82d8f30bae15ffa90be2f6bb0c5b32079f618519fd58e8c45bced09c0c6f0a562f97a3e2194b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a43a7b1531bbf2b16011f5595e75f39d
SHA1 366330a5b8c73bd2b5591980af951baef37a811f
SHA256 1845e5630538a73247048caa0374c4c3cfd95a13e615b26a4aba2a6637f260eb
SHA512 5ae8561a77e6b022a6ae57b1780aacbb5abf07a4093904ed9d1124b387bdca74568fef7957e3da8aa7469cac86c7c875763e930529a1f2118f4f84562013ec3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 3ba7e6919bc260bb6ab523197f2be3e1
SHA1 ce2d7fe3aa42d99d733266d023f6aef3766e7785
SHA256 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818
SHA512 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 3b2df667a176193cba046f74787e731d
SHA1 0525109b7a249a66df8c8eb7d24b49852cd076cc
SHA256 f38e1d77aa0173d1c110ebbc24f55704f74d28b33c70302f1170c1f4213f611e
SHA512 f6a90da9852126be776f2b7b488e04d8ff3cc6e0f4b222e1d9fb7aa2c938d586d4c88150dae1fecc24606c5a80270eb7c70ca4286a0efd2c2478aa2701056ebf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 75a53e4d49710e7cffd90b9b10b78f61
SHA1 7e4f0f004ae8030b6a836e2dee1b8841833516d0
SHA256 646f92cef63f1fc4441c1801b691daf3b826eece005fb364cc20dc04e1c31751
SHA512 b29bb80d9217afd2b32e13c7eeb629021d2acec392870cba7d5588ceb8c906bd983ffe3284cb5a418b76301b8317bfccb4ac879d5b43acfe50b5af9bf3260ab1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d7e74c5f4fbc8dd14e5dbd0b2c33ddb8
SHA1 0504385c971afc6a776e4317db549c73b8953525
SHA256 458b329f16c9b0cc30f4efa247ff5a8cf6e04339294285ae155c531cc962d279
SHA512 bbe1097b721ba0c71394ab0784f7d01e7434d01c73ac7d5583d721ad75eb2b6522ba367fee01b91c82d7d45674204f079727eb4366e459068984c11488783eea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5c0ad5938519dcb94473922aa2a503b5
SHA1 ededce6c09bca8b82d663d40247ba91fcf68c164
SHA256 83dd2d8d5621ac870a4cd1477e2d7d5871a5c7157ce3e5c309d8e21dcc077fea
SHA512 d90993041235f59f3f5fcec3a50166e5a40b28d4475eba4f18968004c468d4992c2fa9513eacd287a62269fdee1455491249f292c202fcb49cdada01287f9fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01df06b692c0403c60bc416de2c03f9e
SHA1 7bccdd36cccd51a5328ffde5d9a54c0943d88e43
SHA256 b9399a0b7eda2e78cd17ab66be2065523b7f021cd3fa18fef99db1ba8409ba25
SHA512 6ccabd9d542653015fadec092829cadd6f3037c7478d35910fe7f653e3a8eb61131dfb42c209fa92664367d0c884b0597d71dcfeed72ae536f633a357e295350

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27028f7ce82e375e5c14a8b6851583b9
SHA1 d4111bb668536a6431a82c83441f092fd05cb631
SHA256 eebd88b9c676e6ea82c895f91816cab44be85f090190b3109ddf7c569c731008
SHA512 4b61ea47e8fb727477818bd27c7512340bb247e54e647460538f0a0e0dfa2512604312d382610afd3eeae1c5ba89b94db16e3917736b342678499375331dd97e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 627991b062b3afb5b1705383e5d620a0
SHA1 20662c2d71a4ccdf4b42021dda497feaadbf6efd
SHA256 a309eac49aa3aca8e19043ef0c0ae8e33435e99d95f081c3f4ec597222d6b2cc
SHA512 494915f052e0e4d7fabc52c801df80f27f7d96be6d5a5c07815124789a2bd82fc63b1f4c1c772e47a64d49f6b3cfbcf3e326c5b4e568cab8fb166bc8e69792f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5943e5.TMP

MD5 87460e63003843551ef24cf50fdef6b3
SHA1 7df140dac4b7b5c14db5bca47a738006f3e30128
SHA256 31c9f0776d7108ec7c521d035508ec9d906fc8ae4b94a07294d39fffa968e00f
SHA512 f995cab11f3c1f338eda04b18f49447dcdcdc92afc5be0b6d11e582b6574a8fe0c4a5badd5b33b2b7572c4a70b538410ee1aa8a6a3d04f9f4cbd9d4601ca5280

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0202989aa429f6c1c09ae4a343f2e4dc
SHA1 f9f0693cd5c1082e521f8bce2dd364e91dc821c1
SHA256 867544b67fee2743690e2e02aad5871ac50a5c80051541ffd53df94473af8c56
SHA512 44a4932af31b568eb4581a42b8989ad2bbc1a8c63fe0ced57cdeedb856db1e447cc8b098210ca0dc9be58576a9c655734c63466765a90a2fd8606f02f86fa89f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 aaba5e872ba07d60f556b78df854279e
SHA1 93d1494959f4027195f527db143e5aa89d60925b
SHA256 0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c
SHA512 fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 bbac7bb99faedea9a0cb17dfcad195af
SHA1 409312e9c3a5eaa03f2c8227a3693e8a6dc850ff
SHA256 b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3
SHA512 727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d0ca0dbd3ada64a7ac8d74257d42675d
SHA1 d6191f34a82141ed7a5761a09fdbdce6820d3c40
SHA256 209e6dcfc80a961fdca9096723aaa1bf5ab332f4c5755506af2b9aab069d4476
SHA512 08e6613c56deb169f7ea1c6308b086d0f16cb683edec491179f38aff2c9fe84f3dbee0a643882001623ef2c3b5b1f5a988d994c24da1fb3b8025e48cbd0de032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5356ae58c5bbfe4d0a755789c32b81e1
SHA1 f75e7b51d4f9a9db701391d68f113b7e07e1ca47
SHA256 7d2651d3f5116fbb7d0486768b69bd479718b9c6b7c62970899f648ed6473917
SHA512 cd14116a3efd35e7dedc33cb2c99be97f6e7f5ff387eeb98a5ea8da923bac4cd82442c1b1636f40414814cb51c8e3a7af6e9ae9eee3bc9952709f1384f4c35b9