Malware Analysis Report

2024-11-16 15:52

Sample ID 240207-1f72lscfhl
Target c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe
SHA256 c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07

Threat Level: Known bad

The file c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-07 21:36

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-07 21:36

Reported

2024-02-07 21:39

Platform

win7-20231129-en

Max time kernel

36s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000f1b8f4d6bae79c3edc371e37e4737851419bd66375427540466e3632e015eff2000000000e80000000020000200000002c72e1e2c07d27da02d752be9245573dfa365ef6ad7053603c31eb3034d26d4b90000000568b1aa2734400bd02aa3b8a864f7ac8b9db04121be5b63eb425fa6e2a2ea176b77d79af5b14a1da4c9a6f1043732cf67902bfeb3db90d37b243efb81451ebe158b07dd28fd1cd71b511f6fef834b7cb6ab1da94350f84c4323e86f90c399cde1aaa3fbd1eb1bad4e86a54dd0137c218d167a15353da1c94bca26a57d0cb88b0e78aa2a607125bfe5aec9f77f7366d7440000000741b66558308100f5812708f872c5453be4b308fb5cf0c26bce8a424f4fa79bf010692e96d1cac9badcd819c3fc7c35f40d63b83846cf4d62d22c5024e918860 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD2535F1-C600-11EE-AC1E-72D103486AAB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD27BE61-C600-11EE-AC1E-72D103486AAB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d78000000000200000000001066000000010000200000004ab1b1678180ef7363676c5838df12042782becc350d1c4d36da9c82e55e4e2c000000000e8000000002000020000000f3b2681dae31958cdb9a66d31f9113e436f9ca5001ef12150e5a317000954fa920000000d9d0fe2dcba6f63ed01dcdc47aeb7e7bbeb0652bbb843ab6e035e28a0ab2e25e400000008697f73b27f80c77d0b4a74a2778e90be8d9c02f6ca4b9de8fced04a07698b747171e9386791c10ed08a8ab03b0656e2a120e7a27cfce7e056d26c3196dd1a5a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fb17d30d5ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2268 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2268 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2172 wrote to memory of 2624 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2172 wrote to memory of 2624 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2172 wrote to memory of 2624 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2172 wrote to memory of 2624 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1844 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1844 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1844 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1844 wrote to memory of 2748 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 956 wrote to memory of 1792 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 956 wrote to memory of 1792 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 956 wrote to memory of 1792 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 956 wrote to memory of 1792 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2268 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2976 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2976 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2976 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2240 wrote to memory of 1544 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2992 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2992 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2992 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2268 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2268 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe

"C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6599758,0x7fef6599768,0x7fef6599778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.0.1726634306\833054612" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1164 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e27081bc-6e07-4a3b-8b8e-b35a0e7bb15e} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 1312 1420a858 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1288,i,15859724359969953023,11716466175940492642,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1288,i,15859724359969953023,11716466175940492642,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1308,i,18046515028902077232,5355572931887485523,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1308,i,18046515028902077232,5355572931887485523,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.1.69576502\1664661839" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4063a76-fb14-42f9-a9ff-2c96ea5d92f8} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 1528 d71558 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2652 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2680 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.2.1807298542\503194478" -childID 1 -isForBrowser -prefsHandle 2560 -prefMapHandle 2556 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {268e8bff-aa34-4aa6-95e9-dbf31a47d0aa} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 2572 19d69e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.3.945894519\777858937" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db316f2e-7a98-4c81-8238-5538678e3b15} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 2272 1c3a6e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3264 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1308 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.6.1477105967\1223455708" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48798cc0-9c18-4232-b647-bb706cf556d9} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4004 1f3d2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.5.584652556\173064569" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1295fc3-2d36-493a-b581-ec49c745c668} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3840 1ebd5258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.4.76045176\827263553" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3688 -prefsLen 26212 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b309ea5-55ff-4ab2-9633-3acd953907b4} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3736 1e555358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.7.167039013\1793221913" -childID 6 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48a745c4-dca4-4e07-8c6e-97bd06b36db7} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4344 1eb7fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.8.1485324888\940597863" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 772 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8750228-cdb5-43d0-9b76-fe1354b9be9c} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4364 203e3158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3844 --field-trial-handle=1384,i,755174195898701828,12650188798558494616,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 92.123.128.168:80 www.bing.com tcp
GB 92.123.128.168:80 www.bing.com tcp
GB 92.123.128.133:80 www.bing.com tcp
GB 92.123.128.133:80 www.bing.com tcp
GB 92.123.128.157:80 www.bing.com tcp
GB 92.123.128.157:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 44.238.194.110:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.180.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
N/A 127.0.0.1:50219 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.180.14:443 youtube-ui.l.google.com tcp
GB 142.250.180.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 142.250.187.206:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.35:443 www.facebook.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.178.4:443 www.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.196.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
N/A 127.0.0.1:50310 tcp

Files

memory/2268-0-0x0000000000680000-0x0000000000681000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD2535F1-C600-11EE-AC1E-72D103486AAB}.dat

MD5 3c9f6a9fd4fdc72f92ff76b63346608c
SHA1 f6a52a30e919195396b320dc5f66f2498bc52467
SHA256 2d0eba525ce87243295b74c87cf8c1b26d2af7cc4f4a1b12e6eca7f2acf452ce
SHA512 19b84f68fe88b3656aa7f5a5fc4ce4a9284e7b9525827138881999c751929c8ff9ad83ef10a6047ebed4bb2a4fb8270339d852dd1dfd6422440849e4a2006550

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD279751-C600-11EE-AC1E-72D103486AAB}.dat

MD5 2952c10a260a95e6c184d254f0abd6e8
SHA1 2ba6445b7f1b7eb2d25fedec2da6c4e786418680
SHA256 17373c386c3ec5a70860dc6440b90264a6cd4d433f1f97dd22ae26c75624cf85
SHA512 4444bc0d0071d362adae344cad7bb8b8e37005b61352e997ef885641116d587f03298e223af97630eb5ac071ae3300b91a3cd5f95b88e2062274eb0c8e7703ea

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD27BE61-C600-11EE-AC1E-72D103486AAB}.dat

MD5 3c14b40771e5067f63a50ccba0fcd9d2
SHA1 d47ae98794ac8d54f4a169c8e218e0587eff03b5
SHA256 2b3942d7beed834b7cf1bc59dd338cac2ced3add158753544690a5430416c1f6
SHA512 8287b3f993f25d52e713049469330ae7583ca7d2a076c7ec4df182d9bc6f9272858b32faefd6793ed7c5664037f592b31bafee7a810f995724f44e0141870c48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 cf5bd34afee97742651ef8bda53ec88d
SHA1 6a7578df8edd389ddf1f3898bc56564a7eca06dc
SHA256 ba4d85284fb558ab18e955d3c5d14ab73713f12b5928f9fe8e71d2d77a850106
SHA512 82950b0fd6136ed33edc241761dc7e18a7270a77bba7f0d9ebb4c682da2c06fb9766f47cada78920e7fbd4bf5ac74f676917d05ccaa3133beb58f2d545fc65ab

C:\Users\Admin\AppData\Local\Temp\CabFEC9.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarFF27.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62afa1d199d9755bc11bcb92e5f554c1
SHA1 b9daab44f60c0e60fb8f80bb7f40f22ebeaa820c
SHA256 4b7aba7430ced10f83c183a8158f50cdab8bc1dcca44e1abf2411a149911cec6
SHA512 f93b933975f10f2676fec995812e6bcff50bd2cc77110b7516147365d35912c3aa99e21e4b76c66ebb859441fb1885ca619d6c7abde82dbe4849f4fcb12100ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aace874c22d76e2ff980ca92c4a028ea
SHA1 178f8d752a8ccfaab0e73d3baef939a34bd6b6fd
SHA256 b4e9445c38e31616870564d46ada2d9acccd10ba09e337548cddffe3a294a688
SHA512 a41607cc210eb698f640aa632bde7fcc3be11c799bb3cf35ae5207e826a3ef626337ba66c578e19cff8295e17a23204d247732b8b7b884a65c765fa07fa0addc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cd2ce8c66ebd65432e91f94127f84f4
SHA1 938dad6923dd94071241fe0bfcaca37d45b519b6
SHA256 b4f21e5c98ae4d6c519b789b323515d56e52af120115d9361b15b33dc5cbb555
SHA512 e575d265f2d05c39be64c1907699531de51fa257e3e0aecc018543e6339838154bf6ff4e2692591501578810e3c2a32b62afe9b7a82e8641a11afba15be12015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8fdf310825b7bd791ba94d25222415a2
SHA1 35d9d8700fe5301a02417be0ceb3a3022ee32866
SHA256 98fdaa2e439990356b4f039c1e5abc5e496ebae126683321c00f41e40d1067b3
SHA512 1cfd5600c2dc8d9529fd9be8d580d1ba61869c341feecd7e97534f13206a5b5b4b0dabf1bfc4e0557cdbdb225fd43117a968160721e7a9db4e927e160721e9b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 39e3240ec7439e4742a43650ab77a597
SHA1 08e45710acf63850402e12e7962d3617205b9da9
SHA256 0a27bdfc577843dc384bd04a1fa83addcbd20ff44f4d1421ab7b8e8123be4c0f
SHA512 05fa446a47ebc973c97bb3cb32fa5916374370ed416b9cd1f297a1e445175cdb0d0ec25ae1507bd1d8bfc8cf67149b0bb9405634b534709737e29baaa08824b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e60a5e00f1230748a7bc7be9d8ac89b9
SHA1 21acbcaf34902efdc18eb79f81d35d9421b268c7
SHA256 f68ecb0ae966fb06226f03b75e84a74573f3cde201759dcc220290a667237124
SHA512 17dc74bf0752f76e3a97a0ae4a58faa80db52317371d40666b04f82a2772dabd8ceb48448caa54de08fd19d90ec1cbea319cb93144a7c558b22b6e512f01c19d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bc7c67096851c0bad95d401f3d7facd9
SHA1 56f6c9550ef78485ea9b6ee0b6e5b0bfd9590b08
SHA256 1b8aa822e0656ee3fddabf876e7d7afc3d80add233edff91c1dae039f61cc07f
SHA512 005dd4295041b8719a1b015ac9056918128fd0462ff56323029f1fce68e85785dd07ae26e3134db78b417fb27ba0c0878f0025c8896605b9e61358978e3f9689

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14d3e0e366cccdb306b4030b2045260e
SHA1 efc679d57953c2b19a517088f7f782a8b1606758
SHA256 f00caffaeb6ddbe3fdff2e5c230be77bb59728d7734bea0599c3cb491024d65b
SHA512 4e1480b611c826891db27a6edc4a0b446ee767b0a601b4b6ce9a32f7a22a798b90586f37917610d398d44b478ef302667ef7d4fcae3b9fafd839f708f0a89deb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5c8a85c95610a91e6dc302e71b06e26b
SHA1 95bab71f21c7d7e8b6f5c1b977be359b931674c7
SHA256 116ad231b3f92be74cd030b233b35799b18041cc3d59e0fa52b24a87b0d2c267
SHA512 4f99638598642e6f6029a1c60006582e334bb6336e4c3a6714acb05d8d72b1df9c283359a76c5e8d9e4b1445b8e93ae7b4b8544c7e4e4ba0d6403c08972d901b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 41b6b59c335461aa7136531bbea079f9
SHA1 d19aa25db13743768f5b910a8c284562531f6bfa
SHA256 da43b0117d99975bd1b755b271acc33c62fb4f4e6134e65408f6f40fb0dbabcc
SHA512 5393668cd4e591cf3460047361122c5ff1efbfaea8d26e2ba87c7be872db1fd33ac967310015c675d01b50d725217000987cfcdf94e87363719989fdf66bb45d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7f0cac2ed42e0ec7802f7f9fae077b7c
SHA1 e29b85ee33618e02fe41f7ee4770269abc40cbb1
SHA256 b37f4f8a0a8642a8f7dc81d63512f80f48380cf59104f89f812b0ca728124d76
SHA512 f276e151f55abfb195f73c9e145844d8842551aad57765fa21422b54335cb88dab89956675e2dd6b592675c0318cea12bd6bd07c72c1a71e74771e27e4423662

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 75ab16774c9ce7fbd2a847ba5fe390b5
SHA1 833208dc945111282d38b71e3f94bb12d95f7277
SHA256 fe60a803d466d2f25f1056f2f39ea9f5e7c4d6bdfc320403b2f19124c5b7f3be
SHA512 282047c0c7110409a0b293469ecee06e543f63c3c73607f4723de4541212a499aeb39433a8d8d135528b2e410f40f525eb0bc7e7642cafd57118e618797602dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 49b59e97b1e5342328f3ae9b2f3a5dea
SHA1 6cfbbb2d9cd5488cc2f475750efa27c684d239fc
SHA256 fcbe2d0306f7122dbe076858489e20323c486c3695ed84898ed6c23f77aa3451
SHA512 2b0023a9b50ecac4c73bb1c2751dc1624ab5a8386360b461baef6bffd75a1aa842fb8d9aa08c515f142c84f58657a402d8ac7911d1fe5beca2baaa96bf0c70ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 953012ae91e32eb0280bce57b6f8d42a
SHA1 a3f4d3c078d034d0277922154b6dab496c32db0e
SHA256 2826b836b9f1b0fd025e5b39c75d12de513bc74f35f46911da4fefb1c591334f
SHA512 706ea4222154ddcbd4fdf283e3f2cd35f70c7fa4875c16ac24e03102b76bebb16aea331655362d4e0bf47c3cfbe5d47151a89fe1ac812bfe576e11f8cf793c3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5afd3c08c1083428658631dc1ac8bb02
SHA1 8788277db3e12ff11398b27d484d0e32cd70fb38
SHA256 f546f06cf316d262fad6020d17f30d15a4fce7a9929ac2d50ba3b422c27fabd7
SHA512 cdfefe84d33f89038de2062a81615e86206afe38ae5a2cc1aa37d9946f03ec2c8035c5d9081e3e1f5573522eca396a01164ae244fce1fa3ba2ee8adb72c0771e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 28c70872521226a4f7762b16a4e3ceb4
SHA1 09c1f8a907d92346742421f05aee4fcd590706e9
SHA256 d61de43a6a3804d574cebfebee3eb6510900e1a2ebd6a0f6dfad70d4f66812ab
SHA512 64d0c3a106e84674e1439a1f6da038b6b3b081f3c92a5e23e6e92b8a7d56dc51bddd3550232b7fa001b46a45f169b117c131e95a4308240f3db0208ef11c3eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 8a21e4e207626aa28c97fcfab0ea187b
SHA1 d8dac932b53ff7a6dff7b02ab04d5fc629eb037c
SHA256 e19e3ebca9e13d53f40bff9a598684d8ae59917e06bcb009b2e24171effddf51
SHA512 a96f54e2c0eaf80cd47b8e57fcf5629b125a70091afe47268c4eb3ee5c9f631d821edc6a876ef337444abf330b40cfa080ce5e5fff5999fedcff60ee00b53d11

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDBAUW7S\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 4605dfffa83473e15a6e51efb870d85a
SHA1 9e694f224a8645d9fe66fcfcbafee9ec708a9e24
SHA256 3d19305dded9ea95040ce9a496513c9521671accf9a7bd931cf3cbcfd63bfd26
SHA512 068cfe5cc470c1831d3c40dbc3cc7a3a6263cda9475e7a5172da94145b13a5c7497ff7322d458a8096029f46160427d8744a300d6bf7693c4594ae87b39fcca1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IBNAAJG1.txt

MD5 7c4519942faf190b2ff55f715a594224
SHA1 a654eedbc0bc12206dabebd71f1cd9c959046c4b
SHA256 93d71bd0a5f843b9886ec57c4b417ba62885f0ae1f9b8f89a99f70d0ad15e2f7
SHA512 bdeded990f277239b1757cdd6ea8ed6cf10fd8e681a646545627baa0d38a06090005d8ad208f3c21dc152a09bbc0d0f5ffacbf4be1960e79968f38361ea99d37

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 280cfe891c5e1fea6c7a2c5d299919d1
SHA1 e1461bfcf1f30c457ec370865590da1ee3509c5f
SHA256 289ceb7765474b50f41f14436688c6df18a39cc66c456042d42ce37bc8b7c48d
SHA512 18d5563c0dabea4c4f42646d3360da26d4620796fe79df32e655d2c781c540418c4018bfe5eddba5036d11461080d4e123f7e315987ff8e374734fbaf2c617c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 92df98879ced9900e1b5d218ea1295a7
SHA1 6cc5e966267dcf5f210f81a4e21b5278b48c2fea
SHA256 ae80aea27161a71733146e094d7f357945794ddaad637a3d3b04786d18db5cfe
SHA512 5a488b9159673f3b01184f1aabf743ab5ab480a69e4f4b859aae3ad5b782228b6af3553ed85320a45413e1af3bee99f70d071787818059f6909beed3293bdf3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12LDPUW5\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 71fac9f2be731468e3f6fcf84143476d
SHA1 545ec43a55fd530a3c0230a74beb21c782dc6d65
SHA256 c85d0ef2aae41aebd99d3a239be03f3ef848c00365dedce13d7ae0c6fae829bf
SHA512 f722337c667e3cfbad6ef35a2d022fcea2f221dc0ad676f2cf6753a87f27e0f87ce5b0dbc4dd8f2bc8b1d3619e2ae69a11ef368b0b9eae4e7a0aaa2edd945306

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a3d4c8931d10216c76e6fe0b143c8a2
SHA1 7bb3186ac8c19e772ebc0d6ed3af354e57072117
SHA256 a3108fd5740505a3e47d5bde5481f50d07b778550c2b7b151f290eb9423d42f6
SHA512 6f5106467a20b16110df2496e3c58c98719fefa5100f84e962f6c501fb4fa7640ca8b162fb24e3575f1438994c1621ab557b2ec85a7cffb1ec598e0df6a0cef8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba21a8e078dcff255c8318c414627f1d
SHA1 6eec3672cc2670a1def2158636c103574afd8e5c
SHA256 e8c534a12275a035a2bfbaca21a7835ba1ee8e2afbe9a4a085b24e6f2bea5c55
SHA512 276b152b811d8eecb8c7a6d821e80fbca89996e640426081eb01e70649545677b7b28cbb14e8929d76d5e1edbb756d8b124bcfd2e74fed214a273e73e4935a04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6049c9aa54a3112edbbfa7a3c19d3b03
SHA1 d969f45938b2f50364b4fcc167cc701ad55e61be
SHA256 54799dabd8c90f66ee603d1d0135de21180e4a7767ac5c5f5da15c8439b3167c
SHA512 856167fe25524f26d8ed8b1ec9e12fd3e93c2512e27b3af7124c92e03f9f4f7895fb24c7e2e23e1299e0b8586e8d684760597cd16d073a4d4c0557f6664e0151

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2d91a284b100eb814c9c4c07afe567f
SHA1 b8de43f3fe4eb188c46c020a6084e510ccb6b541
SHA256 4b2db0ae9a6803f8f54a144775bc614b8fdae7bd6bf0a8d1397fee40fd69c6cb
SHA512 06f301671fcaa6427c594d8e72aaa592738942dbfb136073ee723ad2bca999f03ad4789b72e76c31fd5d213494c437f2defa96cc8c787cda9d10fc46a8a87c4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d56fc1c2666633e463e9c075efdf43a
SHA1 c2fffb17550ae037225c97c6716cac3b092cb8ca
SHA256 172a86140989cc98c29322de85cc988a19f2b82e1001073efafdf99c1ba7dbd0
SHA512 e11bd88abadd8a16ddb80eed3d96196d1bd5660c45ff78940f3b0d23a8bb1652df25a51cc7d919f4f01fc485ec71cedd463e889be2119a06cef2e7177160ca5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec82de3ecb4019e42af3bde266d099aa
SHA1 ac5c013160889dbaaadd7a70349a5d6bdf1efc96
SHA256 3fe8172a124252921a8648857b6113e568f2bbd6be5f9f9f898538ad31362d8d
SHA512 938d9fb06df77befdffb38e0619b91a4bae72458983a03c11c94a75d48311bf454a46214c37c05d21412824e7931fddb606329eb8c36a981e33dfb4432f2c755

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bb4b88fa872066cc66b9d1a3a4801d9e
SHA1 1c522f76d2f971cdde15649de48e484200dd3dcc
SHA256 4c8a9912274af70dbe819734fe22269265e0410e831f0cd916bd88b0e91ac175
SHA512 5c36c7c2fe76ea5b35a61c11e22f7d9ca9ca0249c78337eab33dc543fe961e5c7b7fa58038af72cb791b9ff11bd85a07dc7fae991c47cdde2abb1bfe8d1a3c31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 648e159f85d2c04ca44a60b646176b18
SHA1 13c54e593407e6bd39ee6ef07b4cad95dedfab71
SHA256 73fd24917f29bcab22b7d45b68a550773e482eaede92c4ed4fbae6e157ca593b
SHA512 923169071df9b25d5e488c7fdc4114cc05369b923bf04976d76bb4d2006ef11478fa0c70c3a160c7c66c761a305d52afe730b88cc216376d8ab782a5ab855889

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11c41ae8716e750c35aa307a2e25deec
SHA1 e8fb907a8a8a4e557e0288ac13c111a8c7a47d61
SHA256 ffe9db80b4bc70e72db62bb2a41e3f34442f0eb2ae9c6474ff3ec585bdcae9a8
SHA512 7f19a8e39b6b7309b3c78524aa074a758b2d1cbaf8b20194c6548f5b7a8e26b1c281d1923ba642bde3af99c2d4fb05bf34e1c73a322bfbc3def20155c970857b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 849602bd536052ab56420482bf7b5613
SHA1 802018d86c8dc9f1e90333f83cca14a517961529
SHA256 93a50a7d825d3a84efe0ae703e30b3812c407d18cad157b1a469ea01ea5f7973
SHA512 914a5d7e67278e491c3b20459c78d9548205f591604c6b4824845825ea2434c828df54e4df73f1083cb21380bcbc0bcf244ad524eb6b6cfe4549edb52a913df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDBAUW7S\favicon[2].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2268-945-0x0000000000680000-0x0000000000681000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_1832_CZYXTRRCVZLWWOFZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7970d0f6ebd7d3c0b058a22c96d319e8
SHA1 463a1e237711b820689cba0e59c4d9f7337e75ed
SHA256 b34dd7f420b55e112bc23454000a2f974fb61b730ea4f3ef05e12c0d73bede80
SHA512 88129d804655a8056b5b97debd1f71415e6e6059047611f6c95d3dad58b96ff68ccca5bd362536b086e7f6ecacffd8163679474aeeef634b25f29ffe9a6ec9cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4e12e435-b147-4b15-bedc-ad826e6e4863.tmp

MD5 5f51474156ce45e94b14c870a1fec080
SHA1 0b0eff70bd00c926aecb9c0083fd0c4da3a51907
SHA256 8efd995abc731203520b46fab7730ccd05dab99e16010a55c1a298fd99f3be9b
SHA512 944fb1700ec6b3574c56ee88d13ff6bd5f15920321c6fe25503618c6b127e99aecac6a2f9c7f9106424b8726d986a9c400d4d11429c1816f07ba7f9927f8b5ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 23cf92fb1e414734b1a7f6ef463de3e9
SHA1 c9e41ff93efbd0ad143d479afef509eae788c764
SHA256 9ed4fee27de0b421dcf6ef2e0a8c29fdf819539b81e66f896c58b44366985002
SHA512 8986c8b9d64a5873a39e160aa8ac75cdb8c034e08afb161b32e6e6d211fa28e678e1315b90167c6a965bab1591d684f3d5183b05f93f19b4b0b6d7d4e352c1ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\ed36f3fc-a27b-43ee-8ac3-f9cf77292c9b

MD5 0a9a84df05616e67f49a66ba628abb5c
SHA1 0c9db007570ef9cf81253cc0b741adfbbdd4394b
SHA256 87eae13c3b0ea9ac6610c7411b79bf07f6a7f43222029130ad70e7b245cfa3ea
SHA512 e347249230a98e053e5911b8185082d0496c721173941df288774398846b4af61d47cc923a91be1d47c1e692b158ae1067c5a9da1e116ccff48c8b04e182d2f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\92b44ebc-4a82-4017-870d-7c6350bc2806

MD5 ae91c0c833b442ba7b82199b3c061244
SHA1 f00bc81ad94dfaed408a90244662eebc85cafe90
SHA256 11fd4ecad5e70ddaae74c735bab42b8dc930048f0fb22acee557af2e8792a1d4
SHA512 403ead492bbc0332f83411b3a0ef724152e24014f5d62166a4f6bb5c6292d34308aa23fdc290bbdf05ca18d1b36583c99e1e481535f473cc6bf670e69809def6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6bf73eb9cabc188845275ad8226cc23e
SHA1 aea9c7baad49f33538bfe2d17eabd574810532f6
SHA256 58d6e388be0053af03d67f4a6df943120c69dffc2c689fcf18209170057eb773
SHA512 53dc1b8435e0e04fa758d4e1c6230e8a5c200790915bd56bad6a2053a9cd787e349f4142f28df0bdad3c25b7a57157116b7f50da50f8b4a01a6cf2414ccb0413

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 525c169052301cd9c503ac6c258af9c5
SHA1 d44a4269c88ecf6e2aadd2fa141cb257bff7dab9
SHA256 e4432e50d2821633dc4550e42f527a9150bf0e25d62319b0935646ae1237d5a4
SHA512 fada7e8c00a87fc0ca29274845a4da7c60595046d7792b546b9e46f300e9fbc0455e28aad300af865e7875c7bce6f1395e38a4fd0645a83e2ca378ab4eee1670

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 f8603b1d59ff31e30031f8a4c6cb1f1c
SHA1 31ceac34300c3026d6258d1aaf9a7542110ce2dd
SHA256 ef4c5f7f6c0e0f43886bf92d6a41614101ed294a7644511f08452594d4b4a66c
SHA512 49576b4929fa3e03dd47a5694d7011c8a188e1913cfd5b4c12db4018857ac118307616fe3bbb2d223e96a9962b184e1d991e3567b440e917aac3af1353ba623d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0538072a253bca261c6bc3d431bb8dc3
SHA1 137ec923fa75de78755b6fb7339f6776254d32c5
SHA256 69309ffdde803301edde4da099394e8b197f5ea33188dd0e114507c283317faa
SHA512 cd0ce7fdc22a9cef9a3808e4c3758f2a08b0ba8efd6198d036858bedc8720ebcffab0b8c87afd3a68525a379664a2b3465de7fb683fff0a5033022bb2c95c15a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\B244729BC80B4AC34542A2CF7ABB28C54E8B5AC9

MD5 bd6f4a31c95dc48526f2b6f220312adf
SHA1 7020ad88fe09e2ea958ace20c14c36f651f375ad
SHA256 02efea1a8201c47a47d83a5282ca87846f79ee0de27ae0bebde9c672335bfb39
SHA512 5758387df8b541e57880249c84c79ec08ce0e0036632d42e4a557bba9744f6f17617048f6b83cd0ba0604508c540e8f87d79acac6beee4e9f0e1c8a46e0420c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\5386253589D09F6437E215B7DD9D35AC8A9667C7

MD5 21aa2faba4597449eebfe19b5592662b
SHA1 674e5c484aeffae2423bd1d3182716114349798d
SHA256 4520b916c0c7351b81466d81bef9d426d2e32248e01b41c1ae5c082b709760e3
SHA512 438782ba3636dd42b37a5242f862dff3cba8ccde1840af7ed192df394292f192897747b1ab5a1d165af685076db4414146724c710827ea4dc2b52705e01269fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 59a1e5b56c4ceb808f43595f60b5c136
SHA1 7eeb5f8a27f688404966860598baa562c8016994
SHA256 4d0f0af23c8de3870551dc5c2a44cfec9c6207e1038c7bdad26cec058dd40856
SHA512 5d9df825e91b86ba8fd982a0c3e78e99dc2dbbbbcd9b62ce8fcbf7a7c285ba6f468c6fdad3dd1ebc01027b1b096ef560a9d5d21bd2d60b86dd38ac3a51c19a7b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 58a07d3494169e4e0f47cc743cf9ea04
SHA1 0dda4b85d259431133527e1b938abb64b756fa47
SHA256 125e46ad3a0dd3c91989558f89f5e9f69b22e11bebab6182a338f880293cd869
SHA512 6a02c5c9a10b21fc5ba72487392854251afece6d1ffb325b6b33e5c649622b2bfb2996b3115f40bec56d44af377601c544a0fa47c470c36797e04523b6d76145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 437af61bad5caf5af01c1b3804586b61
SHA1 c74f378d76ed11c7ed4ce7201b335122aeb23bd6
SHA256 c0cd4299b7c7df185121770399ae0483a8fbf42b8064ec1b292d40ea5bf2a34d
SHA512 2f6ec2a280285d379949d4f366fd15dd6d5293ecb8c5d113946783ca634e5161ac8d6eed12e4fc3887e204a210cdb9b9aadae929793c70ba0565017b1415de1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 d644ddc7e9a237397fb67a8d50d6515a
SHA1 5eaf465b59efd95304fe1b94521963d5bb914a03
SHA256 920fa02c6498f5c921381b94c74022f9e2e298d37fe96b662e5d1ebd18c7bbf0
SHA512 fea69a7cdde52b3888fedbdb99c385e0cb5550f9617a6b444ea9332b458f8841d80e477ee524e56e3cb2ebd7c705c0bcf2b3e3dc278532e1a968c9f13115fa53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069bd5a110a51e0c50395bd4ba838589
SHA1 11d7654037323d78c5b4be238599ababe5177c5f
SHA256 3dd511508c8c450dc6931a6500eb16756446140eaf557920be90bc1c65257e40
SHA512 444fdd5c6bcad6e56b246fce721f05b1dd874f88a2416c845a9c0c5e65726aeb7fcb820941f63fa3ff7a77c49f1fd28213fd0b7e2858c15f54e9ddfef340a274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 314516c2c8e1e36e57dcaf7de0aec0d2
SHA1 7772b08d848597511cba5be914c23d65b1a683a2
SHA256 dedc6550a5e53d8a6de195c36585aec6c61e928b43c551d7a8cde4e503fc0c19
SHA512 aa7fcd17f5376538733b61e19ade296128ddf141cb41ef2ad431e3f2e8998aa57114e451a882e3710096fce06ae1d9a444d5b310d4a448bdd9a3fb49b1cc29d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71330ede286340101c880fe514117fb8
SHA1 054e129b599586de5802f94661db0a2d33c8864a
SHA256 35e6b023f79d34f83b32d1e50ad09ba1032807908371b05173138f555a07a74f
SHA512 5115e1fccc5928b41f7fa1b6a3447f464df1d25a5efe5ccd9a0baf5c8d0129b07b20bcc90ec5e66e7b7f455d5efc89b7da16fefdea60cf90e80f6e32a539edf3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7466bcd5ff0e39e2990dc924a25e460f
SHA1 024c536668fee7b2fe75c786e92122900246ed92
SHA256 6a8813889421b1026aad97946fd3b996d06fef8988bd3e253fda0de9f35b3309
SHA512 75f9b3a6d5090dbf3fb516cbeb1e231b2c53bcf2d314db7ed4d8f0e655fac58c9e23287ee0ed5a8bbdbcbc304d381d6cf55ca92d2e48a6be777ce0ddac368b8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77774f0e23aedbf1d3155f3abff21f61
SHA1 02a3e565d20d6bb28ad8d5d3b10b61a4831b092b
SHA256 dc2233c40a9bdf4d3c066fa3ea108f2145d5ae5089c12ebef78cef4e7d589d77
SHA512 d2974a1f3685c085b8c56d066889db58cec5aebd5ce81b555f8468b1da996f83d46429f9cd5c4980c5603b0d45d2905292f589bc0002f2040e09fe9492ad881f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c0c673c3-9a88-40ee-b4fd-90bd69b26a1f.tmp

MD5 7781999ce2894409e651e1febe9389a1
SHA1 f597601b691898fcb043e7c0cafc642585e64f30
SHA256 0812f41b7fb40adc3da16de00548ac92204a27d6af28d051cfe839bd46b359da
SHA512 6e4b1e02911a81b49500a129269f6df648980b0b024676ed332fd1756cc4f1474c1b3120fa1bdbb35942ff8b2cb74311334f51fb6944224df66af12a5c2ab375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e1e395f052db16281c5fd91a86ad951
SHA1 7a46c54a31ead3208982cab9e65e54d8e7a6d6c2
SHA256 ef461a62982bff327a922ce358eadb8cc87479485885487c825df0012df56fa2
SHA512 75b1d2e2f6010ffb287139c885d040f2db9fa0bb272772f98ada4ed7474fa0890ba920779c93190a86425e2f0afcc48cdac0c5a286f97a307d0fdf9150ca1d3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13cff65cfb721fcd2406183caad42daf
SHA1 f6c574e85b98bef20a4bce8c3b7af48373039ce4
SHA256 55f2244be45b449e4205076bd8c5a35c00f1f8cedc364df452e22e572fd7eb93
SHA512 6a42752a08b442fae16cef1b1ebdb74395b42227f8d1fe9f30b9e1b1ebffc55e53ed7d0593c37a48d23f65df4755f909a416c13e65c6bd6913cb0e189608b92f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 dc247badb918d7cb0fd70f1a64b0d846
SHA1 4b6fdba762a9e0a47a6aa62730fdd498b9cf1a21
SHA256 8cf0f53e67f88640fcf40ac048fd1bb957fec6070ac286d782a0e466fc239761
SHA512 abfa95012253c3eb6f8734fe78443c980543aaf559c5908556f7fbf8bcf25427f47f8b587f5b968d52ab581132ec47bc4f08c36caa32d85bfac89d064bfefc99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98015e1ad8ee51f5cadd77f7aa282983
SHA1 a46a199f9756f4de913cfebdba58096cb8f42920
SHA256 5f43f71b0fa785b0fa4fcaffc7e17f7d6662da1ee5758851989e2fa42ac42f2d
SHA512 0c28b7163cc5bd429f931ecb69df73ae9a5cd8b1d5686e7db1e29a6989a48462666c2414d64bdf7b230ea68e9738b96fa401ef7782581d067acf6ae6aa66c0e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3c48af03b6ca66d1a63e22855f9cb78
SHA1 f783a45db5a0a2dc5093c620cc49c7970d4f7af3
SHA256 88541731f56836dda0daef35405b0a9dd686f18c27f94f2575451adf0fa2dc24
SHA512 f852fd84777a2886970a12b79d7bf75f5a894c488a5957fb58c29f2c4379fc27fabcd8c89087bf94d6bd88a8ddaadc163cd44996ac0a21a2c1ad25b847cc1b83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 176b61e042ccffae1c057811c0d422a0
SHA1 2e94ffe834494315954920088360edc608262be3
SHA256 415ee68d90ad33459a62415754a16aab5fbcc40395b85b3563c57fdd06114e40
SHA512 be0fd4b216145fcaa78c87b6b7525bd3eac2e2e8d3909aa152d518b29871c99e44d92ebd33f1986f769d7aced2f6b7cd0be8d381cfc6bd9afad3a244b1857d3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36a01a802d1922a6eb2f45049c3aba92
SHA1 803b102d15c1903f3785ca173ba3007502a398b3
SHA256 664b113fa7ef8d5012744a9545e79299e504c48ca6bf40b886a65d31f07c3a50
SHA512 4d9054d7d7334b490d5652d93dc139c4249ca82db7279e8300e816d3048a7fa2c747ca06be02556ba7f0a6219c94461f5b44a3373d5b9afdccf31b630a664219

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 21:36

Reported

2024-02-07 21:39

Platform

win10v2004-20231222-en

Max time kernel

6s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 556 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1228 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1228 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2448 wrote to memory of 2144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2448 wrote to memory of 2144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 4464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 4464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 4388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4028 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4028 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 556 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 556 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 556 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 556 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2776 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 556 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 556 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe

"C:\Users\Admin\AppData\Local\Temp\c80c6fb5e6c5f41d286d0354de36cac15f2ca3e8e1f41dd695ae40f4aeac4c07.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb09446f8,0x7ffcb0944708,0x7ffcb0944718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcb07e9758,0x7ffcb07e9768,0x7ffcb07e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb07e9758,0x7ffcb07e9768,0x7ffcb07e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb07e9758,0x7ffcb07e9768,0x7ffcb07e9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7114204857699809355,5519609181952725069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,7114204857699809355,5519609181952725069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14346258685503824621,5226130875411764856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.0.25748646\1898520367" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e71671a-222e-4589-827b-f6a13da0ae0b} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1828 21db6ad8358 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14070634761051219363,10737264069743425454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14593173708640947378,8543869972098330330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11403448187245421114,3363936766409474272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.1.2122972564\1694760569" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ee94c7c-e7cc-4cf9-9a93-16fa4ae64a9a} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 2364 21daaddd958 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.2.1747162674\1036400289" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2800 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b11bdf5f-aca9-4fcb-adec-a4cb3782fae6} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3048 21dba3f9558 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.3.156904185\190414037" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c36130-ee97-4153-806c-88ba6c4201fa} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3540 21dbbb71f58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=576 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2012,i,13720574013306824082,3214926121034432387,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3864 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3812 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.4.1282437093\1764900385" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4884 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5578e089-3639-4420-9488-8bc8c0a90e69} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 4900 21dbd38a158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.6.526396558\131513456" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 5220 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b303bd88-91c6-49ab-9cd7-1a4c6cc75803} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5340 21dbd5e9758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.5.1172252333\1362260442" -childID 4 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a1643d-f903-4fe0-8b9c-b8c1644bd21f} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5124 21dbd38b958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1980,i,18439509067104792488,8527786772781941608,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.8.1520090363\2104730142" -childID 7 -isForBrowser -prefsHandle 5780 -prefMapHandle 5776 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11f4ce53-140f-4d16-9093-56a1bb5cd71c} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5788 21dbe49fe58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.7.701841888\144150269" -childID 6 -isForBrowser -prefsHandle 5556 -prefMapHandle 5188 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf32629-37ab-4bcc-919d-355f91669aae} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5364 21dbe4a0d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1980,i,18439509067104792488,8527786772781941608,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1352 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=2012,i,13720574013306824082,3214926121034432387,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:8

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe 5365d3527253e6ac1265b99346c6644a JxN0PTbQCUKlWoWCoEf99w.0.1.0.0.0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3240 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17320456465645171474,5606793723671301966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=856 --field-trial-handle=1896,i,16644553212890962185,11497802228023625341,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 35.195.240.157.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
FR 157.240.196.35:443 www.facebook.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.196.240.157.in-addr.arpa udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.196.35:443 www.facebook.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.206:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 201.108.125.74.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 85.160.77.104.in-addr.arpa udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 www3.l.google.com tcp
GB 157.240.214.11:443 tcp
GB 157.240.214.11:443 tcp
GB 163.70.151.21:443 tcp
GB 163.70.151.21:443 tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
GB 142.250.187.206:443 consent.youtube.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
N/A 127.0.0.1:57953 tcp
N/A 127.0.0.1:58850 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8a1d28b5eda8ec0917a7e1796d3aa193
SHA1 5604a535bf3e5492b9bf3ade78ca7d463a4bfdb2
SHA256 dfaf6313fd293f6013f58fb6790fd38ca2f04931403267b7a6aef7bfa81d50bb
SHA512 51b5bec82ff9ffb45fee5c9dd1d51559c351253489ea83a66e290459975d8ca899cde4f3bb5afbaa7a3f0b169f87a7514d8df88baaeec5bd72d190fd6d3e041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1386433ecc349475d39fb1e4f9e149a0
SHA1 f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256 a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512 fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

\??\pipe\LOCAL\crashpad_4904_UQQXUXOMDWXBOQQV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a43c5442720748bc3520106b9b6d4737
SHA1 3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab
SHA256 0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c
SHA512 9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a361cc8579a3a0d50d25b0bdcf2a8b99
SHA1 4d93471b9a2692cfbabc06d7c7e6b3a0e9d70443
SHA256 556aeb7537a81c59e172544351aae6ee9d12fc13c0eec5340f8e4c1c64ee71a1
SHA512 facaeb14a206b73920d800660b6e35543754a7f65fe087f4d983c4f760b8b389223dd06c64b636bba34192d0762b9bc730d695733a435a14935e3a82ff52c360

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f808a27f9e595b061e14b86679c020c0
SHA1 f1b9608b1606cebf1c0381d253fe597909913580
SHA256 b5b25937bc046484c51b52411d5c9ce9b2b74170667997ad045b8b1052d3fbe3
SHA512 a70844cddc275d0c5e1dad2932fa54c147eb48accd259c8b59f65d9dfe4fe4f415baa51271e2382f842675c5d89221575e972202296a6f57d1c05be33c405f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97222305b0174e18513b73572f30d89a
SHA1 98a39d8cb434bd6e9d6766228011242edf1c1149
SHA256 a1dd31dadb951ac01e5d16b241ad45187334aa2dc42ad75f271a8d6b3811f184
SHA512 04ea7bfcc1066df0ab4cf2b6ffc59653ff254e84a09a3e15140a978c23a4a555e1db15c41c42962c38fddf1ad71b7dd39e97e42b6363e121da2aeba6af795f7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4025248e1d822e4ef5130213c863b345
SHA1 7e33ac790cedfe99c3821c3540ba83a419a3f785
SHA256 69cc899a770f4e4619275f38406be852e0ba92d51295b04b3b45a336bc040857
SHA512 52a462db55723a06dba5a227ab6d87552985c796451860454351c1cbe7ace926b0a372128622f30d456e524ff0706bfa751c566b963fe993968088595b55f0d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 245ead2d73cb1d5144f083e010005571
SHA1 d3e41c09a0b46e03bc78e82eded91074a41c1b97
SHA256 340fe99c50ac9c818767fc0555a597f2cb7e7f815dbbd77c736586246ef3094b
SHA512 94c5b333b86efc614f8df0c92b207d2bff02ac02cf8f38d39fac7e1bf410e64c1447b48fe7baceb0c0068b300aed6ff976483f0dfaf60d9558ddd6e94c7a2527

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 398bdef54de27dd8beff06c45cd4ddab
SHA1 87a7010b2b3c1b1bdd63f6a14ba849026b85fd80
SHA256 b81479b8b9847afcd29edb2c54ddb1b4aeaa26c082e6293e16e98dbc9484210b
SHA512 2ecfe6e5e4294e6ea89c0ec94ed113b90ca99c93c54443f99c1fe9de2bd868fe18ad62ab55ce6d5144f2c7695a7a114fa533375624521e8e6954ce1a1c9ca81c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\941f88aa-000a-4a60-94ec-49b77cff726c

MD5 474c60900ae5eebb428b33fcb13e563f
SHA1 ef9c7e15090f1e948b4417550e99c32e3ea64341
SHA256 1926dd7ff85e202d644175438dca59a1d95f2864870dea7a7830bf71d0deb11c
SHA512 f539753872d4fc17baabd8e4aee4a92e3c4b55f8d9b054dc0e8a283c2339c28e31a988dc108f3cbce2551791d26199d94dca4e5c9fff51cd5c7f1189f28446be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\d7118de5-e6ea-4392-9903-268b9c3bb8bf

MD5 afbb4143911cc5110e15af04fd4c600f
SHA1 c2abd1763213db89398c4d76fdad25f135bcd5c9
SHA256 ee28c736809b8f5bfdc7f42515b756ede7cb638beeeb76a04f0677699127e5d2
SHA512 50aab3be85fc892b55e81eab9507c7fb95d2b3524dcaea04132b247cf1dc84a9483ce06e546cd9ac50f9b801d79076298fb5b9edb5fee800cfe3ba3cc8f4b5bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

MD5 02d3007f7c4ff71b8e6464add5824573
SHA1 ed5807df1bb81c48c3aa289a1aa9223421d49062
SHA256 7fab6eb274cb6150877d217e508c559048c35624f880cbb89553607b5547a962
SHA512 3ca6abdc69976ad56c86e7244b970b0099ae4ee3e40ae0041c501093911cc9ac3eb399d65761b0d63b2893df357161519dbcabe94354760356ed2c0375b25315

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 2fa570afcb0ba0bd92789a1ac44afa3c
SHA1 91febab6289454763c63880a88e6b8bf8897c52a
SHA256 14bf969312e3151f968aa1bce5bf52695514ff7ff4213356241cb6354523cfc8
SHA512 ae06d79e8b9776968741d408bf4aa60d86988198268df2935b725a8b60f53f2e3e26a4f7a395ed8eff1501e0f4a3f652ea440b3bd8bdc809af8ea6b32d5a8a4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 28acc511b4dd62cb843bf64b1c62ca59
SHA1 2806bc5fbe383a85f421ffc31dd5dad5bfc4748f
SHA256 c199947fc23a72acb7e87f22b9af6e69ba06c04cd07c1164bf9e4b8009bd55a0
SHA512 14c417d3a34c1709dc4ed88b300cd80897cc495e5d57331511e895d2ff1dfaf3ca362bd27e2cea2e07237a615f8d8d5983db5e1ec8b4ed1ad7e3920c272a887b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 01bfff7c536a8974eacb01d6a1e6f67f
SHA1 95627e2a1c26894dff2177535e79b55545a3f387
SHA256 3cb1139a5bda29b7f751043f2e31aa492556086e3e3db4184387b02cd1e7d211
SHA512 e7cb5176437856e58fe8dbd164a5fc433b91e5427439d9c97756fa44c90da4c8564bec3f3207cd99964516847f368f5516ab95cc5baa2985918fa480b62c52dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1e551f77e9ba8e4e72070809d81a6ef7
SHA1 02a60a5f8c406cc1083629b267239e7a5e955d46
SHA256 48c4e44407894516c4d7264e4ff9fca0d500dc7479d24e9fdd39794931f719f0
SHA512 5143b0228e927de946a58b7b39b42df89d64c0b9fe5d7b640b3944674fb52e2045c91fe6a42f8083f5f011c28ead0e3ba9f49d1da8165afe611b4f3e01d8e354

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 f39f82159e3b382e2fa45e26c3787095
SHA1 446638f2aeef8e43e2ddb0a2cc8ca5c73719c802
SHA256 dcbc39f93749b8ddc50359a7512e9adce197dd5ea85ff1e896ec8d4c996ec438
SHA512 1e64a146cc75cf91ec17f32eb54ab738c0b8336a1b9c77b0616ccc22ea91fccc520c4b70f3810498ee3a71d87153d077e18bbc7c3e690d2e3ceecb67e792e60a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f346c23026eec4bfc9b938f0d301fe67
SHA1 b4819f1279aa4c85805fc646eaaf3c2efd595815
SHA256 42721df3c5e5195fa5251facb7627ac1f30e8da8820aba935cfeb1b17e4c5309
SHA512 32275669a03ff56f119c6546cc22c518e9214d5aa54a49c99ddd5b97a78279b7860139be7bdae5fda51f3c8906b319c9856549de700975efb28a37e0ba09075a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 b4d663893c2b43dee09a4ff5b3dfea5d
SHA1 9103273434ec9ab09a82dd1149f2ae2a389a8156
SHA256 9fa6339713c6f263821dd5fba2be5b199c2ddeec179382d7c4ea279df11c5cf4
SHA512 8dc0b9f8445d5da715f2484e88a6496fd39096e09662e393aa7bc9faa79e0a41b1193c5e0104ca602748b506c692f02e5d8dc3b88c2e614282e5e9f8e0b2f049

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 4ce598cf32ebf67b1cac2989663325d6
SHA1 6bed2ca082384075942f2641b0e51e89a4299bcb
SHA256 0b24605b06038509be4d0b76b2f92bb8b967782898a15af123d214422c9e87e8
SHA512 71cf0f466c2e966e81b0929ca1650e427ed05a2b6716e1206c816603f119b0cb633a6bf439f8cf76c93d094a70a2d74faac74ca4828460e299e1933116769e59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 f1c735d28ebc5fcf333421c87e21eec7
SHA1 79bc932b980cfe015a0fbc5b1ad686f7ac8a32d1
SHA256 0154099a7df1b8ba0ad767e24894682d12535b351d654fa8aa197eba58a1838a
SHA512 080fc4827854b14c8c8ed048e71c8fb5c7656897a587e7ab787e120a2d4af2f12ab624f7c766a1371f312847ce41728d5626cadd6996a1680d9b4e39bfbe752d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df0fe49cd1698f83fcbbecf08857aa7f
SHA1 dc070d744ea4b93486cdf852325925a9057daa72
SHA256 f505697ce9af7a7e2b5742f273d6db19eea932be1356719fc5b7b24a3140f9c7
SHA512 a940dea819ec54cf37a446c2a91aa411615c3ff3a4c83cd2e288bb9b0d67b6fb05d199510fb13040bfaea355838176e6c024d00807114bbbd911ee41ecfa42b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 19ad2fc3c3edb2939e950734a1e99f55
SHA1 33acf3b77c704844325d4a676ebed049ed7bef3d
SHA256 6d4e6a81a6882a881cedf54d95ea7f9a591bd2020aa56a6001e44cd562268850
SHA512 34127051b3be6f0e3ea59da76d4ce376d00db098ec9eb1457b7ac7969b92f2c4832e35d980d2510753761aeb2a1f79c77052ca460384b84794f56f9ca1568ede

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 b6ff6f176951b8fbdd95f04136a8e1f5
SHA1 54883354a97769b58a1c31c14bca25b65033f815
SHA256 77a9de5733809a7115a86b6810eacadd4c398f8c9bc89be9be774ca8ad208463
SHA512 bb2fdda8a1fb313f83c53b8fc03a65682b177201ee6951946d5634d991cecd114461dc947a2684c70e265c548e58a7995ef3081ef9c8b3c2809098d6b84e11b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4f50f0962b1a3655d4f3d521076a6eff
SHA1 f12f6d0cad9d4df1e71b4ea1fe6622d8409e24f4
SHA256 cbf5954a8db701c5b458c84700a107c59abe24751f0a2cf48b4966f19cdb83fb
SHA512 746d4a95ab07c0b0b8815faf021751e2325f30482021489d634c59193ec6b50ef22d4fcdc5a591f8bb1edae90469ac155b8b70288c25c87714f936daf4b0693f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 09669771a406b60b62b161a198e46566
SHA1 59b8fd31bddaa4b535fe4c13768bca3dc023d3f0
SHA256 71ad351ad4c777c29f07da3a383b9f450f8fd390f18e6a23605d72d5c848786f
SHA512 f1391aa207abefbbf67465f0d65b01f0ec89ce5bc5e7907efd4077e24e1cd384b43c0a1bebb9360770f63eeefd9a3eec94c216f394ebc873597f9fa25d265dc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 d9ba3c801004e9d2ee9b01cb91a7b6b5
SHA1 c5b2cc80f6096dc83ba7e7cce40947c7f7b6db0c
SHA256 bade569eb5ff5e523c381fd81a3adede02c6279513ed6e87908f776d35618bf1
SHA512 1ef5c909188bf6c3f83b80b7e56f9742fb1845c92a423c1a6460e7332adab1695df3ce3946fa96361e1abcb2674a13973021b7c0b7a2b5eb5c1361add56dec05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 02ce533b44e01a3656dd78ecbf617f2e
SHA1 03508dd1347d05f64dd44a1fd55e0f81ac406258
SHA256 34aea36d44cc448b84d9ba1890f9125d52e6ee75dfbd726080c1810babecbfe9
SHA512 ea19a56ce88462196a8d5ea55fe7d006b748928b39260777b787a933af2cd53230512e77d40898285bc5d3fb87d3ead2d21500382881225272ed4eb2e3eb6a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e664066e3aa135f185ed1c194b9fa1f8
SHA1 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA256 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA512 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d6d00fd3e82c7311cd8242f7f547127
SHA1 87c98e53344b1c254acf19aa37764d56cbcd5163
SHA256 6a35747c346ccf51ec302e09e341f2a27deac21677f3743373ac95e16e630e08
SHA512 33f140a62b8d84f3a9dc782924bd263047ec4ae225d9c3217a421ead67acfc3ea2c1cb974bbfc2af3a39180ec73f74a1b060b8fb7d84ff29b93a9d3a634c6ad1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 e5b06df620ab1b4de3756b4e115c7572
SHA1 0434fdfe944dec5031d1e61350e53f81ae85c6a2
SHA256 149d5f39230ee21e74db3a449705cd798eaaf032a5ead56086ff51759ffd8bfc
SHA512 11b664d4e2ebb916300f030ae0a8981f83869512185645b827bee74d86f3c882766b0fdaeb33a02158b85a5dbce7264198deb77211165bc4741d73f4dbb65fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 ddf820f3977b4a66ca54348976172cbc
SHA1 6d4d1f20f70e5a5488b7002b0e9053a7e518be73
SHA256 1d8656c5248336db462c188369901f4b0353792cff1430a81ba86a91ad03dfa6
SHA512 720bd6fa11fdf8df86bef5046c3e4fd94bc1a6a5650bcdce080df6a78f9d39396a94e73501b138f9d28b889ad29bcd518b7ebe7669ecc6cee312e50b6e2926b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 8ead488bdead432c5855020da0d8a66b
SHA1 618981efa77772eb31687344ff2034585a111559
SHA256 69dbc59f20a1e7951e073d2aa5069613739a12d33c3526ee9d4d47ee0f6a33fb
SHA512 63384d6a1ac958965631eb84af82744c6cfbe71a2982a89bb8f101b8e6f9126af6baf448093e06d922c25a68b6a6763667ad7cb4728ed5ef1550f9b5b7ebc409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 7dd1c1fe5376c6dbbe4da12f8c30bc3e
SHA1 0251a33f6147638e88344301caaabaa7b36f9682
SHA256 79e38bc5d86489ea8b6b9f12f297e9c1b6b01a37603b30df75e0630547e9f839
SHA512 429ed63048333519b167a3e98b3df93aa87bca4046ccbf58df703217b7b776aea1319aa08a7910f6f62a545e4078c7c227b7916b1ae3bf2f61388522e7f10423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b1776fb61c59e35b44a5a4f9b302769
SHA1 18cd9c4331e09fe57811a3df54991f2b4cd17d01
SHA256 81b24585029883e1feeb9a0387b4b423c15875a4c10ae468fbcd1e5c70e64fd2
SHA512 037bae4e3b0e8d255f8b3a194e21cbe0dd80b688c4e0dc356be5ed66b59be08a1549df37c13c84bb852491d0c324b630009e59d67fb866e2894e401a43f04267

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\91327050A5D76DEDF98ADB9E359869511B7AF892

MD5 6b8c20c1de413fe32dfe0f5b9ae077e5
SHA1 9b15775f629138afcd9fb4794535b6e98cb7e50a
SHA256 c5b6c3269458bd398a61d10d2a0959a9de9c2d10931e01a48b2d087dcba0fef8
SHA512 872959a4c7c790484436b029b35fe87901ce7435ff5d202b273d8b6150bbf5b55337a6dde487be9f5bb4af86a94aaf6d12ad399ab3984f6c6d44dbc6406929e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\19E3E649EDA06DF28A84E691244B9A32F8B84E43

MD5 e5ea15fda23ea0ea1219416fee101ed9
SHA1 3a1bde0c4a919348a4bf2819dddb7182db7dce97
SHA256 2a94fc55f08768a67be1344f2a86d0bccf99fbfc171f9d637032569d09df7a37
SHA512 86556ef797da989bc54302c9466283cbd47e2c8bc6180e33850699c117d44a4238b4a2fd35e0ee94b846cd95a42c65812f5e49b67b500f38ed3079db97452b02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 b65693482680d902651207e585d54754
SHA1 350b7500a9b255669d38a6d6ca0cf808038c7767
SHA256 4c60d0e17bfb7fe53b6f4881cb5f92def77a64ea36fc7b5c0522498f0dccbb67
SHA512 399c4c77b4bc79a08745dfabd19f2e9978099adb2af42b1fc8fa40506a9151950d972ef71c0a7e4797c3a27baaaf67f0fba75b136595dbc253cbf2e2ca378083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 b0c5c1ef7f27177c540b6fb60497df48
SHA1 246d818afdbc952735daab5f2e840a0613eda6ad
SHA256 e6c9d7748770b84b93c4551f9b32ddd9f206d04a1e19ca541c2638368e1d2ab6
SHA512 92abfb7aa7867f807a88d6cbf934a27ee5a7f73b6de40fee569d7c7a214c7e3e7ea7cf29c2b3ed51ff6f3f2c0d25d9b456a57bdddc7467f12832a21fab692cd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 15ccea5858ec7100e61b998a0322fd0c
SHA1 c40d1c23fba86b05432caa6e11a31a0b04090acd
SHA256 5bc6dc5f5e7ae78c623bc6a5fd937919b67d41af2ccfa3bb01df968985a463ce
SHA512 1c04c3ca958331f43ce65deaf4000c3af3703e3622311035f3d940b8ef8840e63465b9a98af78ff0d3b775247760f3721876829ca4a3fe8e5376c955cdbe7008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 c48ece6248398a3765efbe7ffac658d8
SHA1 f85ec59824398e4644abea48a94a93eca1be26f2
SHA256 953bdd9528a2914339661f547421a4386d0c729cbea0ebd5b96aabb4b798e931
SHA512 5cb36c505c01831f3b0a39c5975488712e83d95e9ccc6645ec487801f062fe11062a0c999160dcd1f0212116135e2c1ce94e29105cc69da93f7c1090432f3bfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 5564522fec18980edc0cf14a1da9cbb3
SHA1 cfe6a9594d23d1907cfafa90aa3a1ac598068e9b
SHA256 ff2d83a95d40641c2536f40c0bcb7f512fc354c06e4b0ff6e69d39b24faa9294
SHA512 f7031fdcc0b108bb7d90d98c6e4debd9a60ab197496822cf34338c8096a32ce028df4774e0189d6d0724fa60b5b0b1c9abf9422a6a26d75e9645f698d5666aff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 add676e41b69dd2fd894b24803521d6e
SHA1 34a7baab52b9c0b212e2620d0e3a4df72d941472
SHA256 3da7068fd7c949e586d754cda53980d098fa46b0b6fe5d4014d649b4ded611b3
SHA512 43762999f16c42a79a4cbd82f5d36487f13786155244becf442aa55e9861f5b1742e6b5ff444f389e524bf257cca0a93311fb1081c0c4773a3edfd34dcf2c41e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\B133DDF0D8F41ADD56861F1EFD730E17B19BFBF7

MD5 3d64253ffa20e7f6e543681534fc7c5d
SHA1 38809c34146108f75078ed3bf71c8a936185dda7
SHA256 3940ea2c7ca2d83dfbc5e161f08c953549507b8aa4d77b245479e287558f070f
SHA512 6e6c6ed0abd6c085e39baa7ac4d7abc49e57d0e865b5673a3a24fd404c0af7474ccb6bd4350ca41f665342357ec210457f433ecb05222d4f1212a7b635a91297

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\CE2340AE810A716A231728C03DA77EF03F09814A

MD5 dc9e026c663604e33926def3997fe92d
SHA1 6201eede50968fedc01f68979d1c00dfac00587a
SHA256 af5611486e02d9f1ac477cea5c95febe1f95c83e8b3c9d0ad9273a3debe72014
SHA512 db3aacbe78da27897b86e7d664b610c4130a04d6a5b40461e8f6b085273993e67229a0ed2ca1bc022852d00c5750d34c86e8b6665845bef51ffe972dc4e70021

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 5ac59fa20ad6d8a999ff3ce28b991cbb
SHA1 d7ea9612fb214714e95b2df6ea57a14a9cf1d808
SHA256 273f467d31577bff91a94102fd3eb042eef382784ea204f31287ef4f84b250ff
SHA512 7269562acc2693c72bb2b9f0ea389a36cd7c019b2cc8bb7f57924cbffc2de45d01c32d3a8648d961d4f72561bfa529f7dda9d76f5d046fdd91ad9e62dc7933d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\70F9110B15BE4CA3789C4E686EFE371A84369C0A

MD5 6e89906aa6366f13e8d6e054469d55b2
SHA1 9eecf27aaa31a5e5bbc9f0a85b21ed8107871035
SHA256 df736ea514d7eb106602525ed776451df2e95602ce7f7cf779328f771c1f7641
SHA512 bf0a1068f5be75e7345b0234af0a00a074fc7a60c74155adc73788e5618afec6bd89bd5efdefc3cadd56f50da043e4320897cd00d4d2327c4b2f0f7ae0665237

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 56735d0d02f58110c95055d28ff1d75e
SHA1 e02842d5d16f0c3a1736feee8618b91458beeb7d
SHA256 d721f074953aeda94bf1cbf78ddf8e380e20b6e64276ed3c96c73c1d24ea95a4
SHA512 527a1742266acdf35d9e0d5eb511f3a9abeeef6ab94e221851bc1f096af817bdfc9df98e7569ee3689713713f72062ea8b2d8a89a9b4d185abdf0a082451e15f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 34f19fb6f85ddf70d3e183f5a4c9db91
SHA1 6340ab7ca8ca59925f7974f7680ffaddaa13fef7
SHA256 91265d725414eec5dff930db37329952a7362392d7f025b0cec15a1e204ab8d2
SHA512 a383e6ab4e8fb34d8d3d89857fed3f38483dae7f7c54441af9736fd6b76e67518cacf386a9bc54ffb9bc0f8bcddc6c601e1c517c362a7909c48e9f448abcc4dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a5c80a74fe1e3b51187d7189fe2d965
SHA1 4d6b37247c0397ef5cae6083fd6abfda099c9630
SHA256 aabedd0bff9121ed2b374ea33b2896dd18a822e1e865f368dc0d82d810234a65
SHA512 32b48824da4ea3ed134ac885465b7a25f84e6e98c84a2c633bb1252493cb009c0b4a9ad12c9a4be36ed2e682169e3d5a6f287fc07257bc83cd42e7cad534c4bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 809a97a73e739daea92a1c7fa35c69bd
SHA1 df56ac71521e308eca86b46f44087c007be6e896
SHA256 ca55b55408b55a3547e0036d56b26c3f4726c35f5cf3236bf6d2fb936aa06324
SHA512 9afdb28e870702ed7c17847c7baf6adf0a218e9cd367863eb2f37da358e7ddd29faaff1dbf58254e97ec7e5ae1a6c3767054dc5caab938dd7432793d2b7b99bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc4b.TMP

MD5 6c8762099745bc9734c1213fcee8da00
SHA1 8405f2befec8aa9c33f7069599a277d05c34404c
SHA256 32dd9c17378a8550555163b51ce765076d5453309d93577cfc8434540ab452c1
SHA512 2b3ed4e1e891933f4f71c2e27feb26e5bbfa68ccb3009f719365a6706475348fc1f352abf8206fb99a7f1a35f3c00a5e6bd9c3ffcdaa35dc3119d4206e8b342e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 41a4ce5185d6fb038fcf5d271ff40801
SHA1 8adb33ee505e7b2e95a5bc6c82547199b908d3ed
SHA256 91b19f80140dbc21ee61debdbd442266453a47378d4c56650701fd74c8d64af9
SHA512 0317b47ddf59c4bc4434564f60fc6e3fa70797b5c9f2a54f282c20bce174b8bac573be6d7a54a62092110a53535b2705f2cfc473b9f4345e5de3a0ed1ea2d2e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 028fab682d253cc406f1070555fa6a5d
SHA1 e33178fc57e3aa9715f01e8e9f4ad53071b45fb3
SHA256 7c0a636221030baba74434496606004d5517dcf9f974a68d86368307633944a4
SHA512 f45da45fe9dd21351558302788ca705a460c84832ab1f72d8300a12f2bdb06cb20584a3df7248f6b45763d642055b5cabc3bceb8062900d71b7d56a7db82e961

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 ed41e49fae7ad95c8bd0e0829ebec931
SHA1 b7feb6cf6bd51a9b1b1d65c45dea614c1099ac9f
SHA256 c4e4a84580d42f847dbc70808a9149331e8d760d97f4f528b5ab93b68dcce3b2
SHA512 917d49216c12e90d86ea52de5577af07805aa300e8e28475b5dea8278eeba7de3c4647f91ec74b03afe7f5058fbc60e65ab779f50a5196fa4af93458e2d598bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 b3f6970ab83b9810ef5c73436a1659fe
SHA1 638c9370cbfa2d4084546e74c0009c77d9d37d7d
SHA256 777789e5ff2326104afb06a36be5be11146ab12d891f1991bad43c80a56dfeb9
SHA512 8553752433b5b9c324a82676a0675b22c51b3cdeef371cb13f082bb431c0c9fc159576c5fb9cc284f126830730221d1050fc5aa7551559ebfbb1a62391b14a3a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 95f0c3340054cc3924b2dbca599a0fea
SHA1 6630e5907febd1b70ccd852ad54e6fc01e437471
SHA256 b11aa2bc2f3e62b5d8c2b207f9604487833d7d4c4b23838a959c2ce1bb860507
SHA512 051fda00d2d2f7ae18b91474a1809e1a7c45c7331773f64cc1d7393728bbbf6aefe7f7553e834664f6887eaffda6bf322a11f46d15dcdc000c09082be383921d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 e104eac391d67047d028f145a33e5301
SHA1 baa514167b00b8f7ff60c0238e4eae98e2fde886
SHA256 f7614b8d4dbe3e9397eb5f72fb1a41d8acb6f644c54fd200b1f9c6532fae5621
SHA512 f5e5a42301b6fe64a31423fc1deae00fee946466cc8fa0e473a7c808720b68b2092dcdda3b3876111cc27d66b2da8cf4b30716d5ba4a500323775c6dae47f27a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 99bfce108f48c80823f15e5719062612
SHA1 11a4765d888f5d7f9df780eb4adb8aa27ad36703
SHA256 1067b297a8fec4665bb3194905b43a2ba3a7f674da6c102ae297a06e397427c8
SHA512 9f115f628b95d495dc9d378a1c7665179589762f6b1a5717b59e88dd1ccab72a80506f21af8dc9bc8b0414b6c55f4b02644cd898d7ba8b2c17390fddb5cd6152

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c91f657c202d1d522fe628348a648fbb
SHA1 8da694e4a83ec070c139b7d3b07a50e77d84792d
SHA256 e7519b0489de54750205d9489ec069927391a174ab42e095d03903c23f5a8370
SHA512 48f8d714b6fe59c4ca1106b7a3837c12e5a313e5eaef993bb9a877ecc2a15cf95c825e6f6482b4f1c71250ea4e7bde08e9cb1f8be7644c067cfdc603a04d412e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c57a8dbabe54cf53b9cf2b4cd096c4ea
SHA1 24de3fd8e66fee2903b3582887aa154502e24cce
SHA256 c0e7a361fb98dd33a4e880d6c543fd4f1bcc8cede6314a3efd18c5cb84b016a5
SHA512 9b47cbf193a6e972eaee27b3c604c65b43fc620404132ca775453750cbe7993cb9e49fa18ba4d9251b25296345c8442ac88ac247e5711bd5641f76a26f2dd430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 91e876d7d84a13bbb36d0d27b7aa146f
SHA1 3c90079711b8f78d24e7f6662f70206eb0141bb0
SHA256 b904bdffffe1506b419b3b96cee9e245f7b6051185bd92c39e8750146670bde3
SHA512 8876631607c95453cd05d3b402b381b9fb03c3e5c769da540075634d72f2c410567511993f159eb150c73fb9a164648be94db046c98d4104c94cb6f4e7ffb771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f22874ee21dd2502cd5b98533a23f0b
SHA1 8cf3408b1dd481106e10fdc9f7070d5b44647de0
SHA256 81700e9e6317d5fa49df5cfff777e067a76d70e3f52c32e1ad1338fa800e654d
SHA512 60f258d3528129fa5e2fd9bd53fb69094936f66cb110dc870a8563500de100d0d2acfdaea1be3cb41ae78c0391ab12c64acf4219ffcec857ecff141853179bd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 92005f6b880539e915aa62560a26f793
SHA1 d5e010f61911b572058f1639ffde8e07e2260f80
SHA256 d70ea2f947baf8c13aa7c8f882da2ae4fd422b2edcbd54808d30349a39487449
SHA512 2ffdbac1e9e0d72eac52dbcd9cb6c0a6d4d436029a178c92014bd81d832e06ec23b145976297bda945699ca6c914e5c49d6c5ed63e9029ab1d74aa9c77596175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 07b15bf9e38f2cf87bcafb7deeb90b3e
SHA1 c9dc0ac291767132848b15bcbfcfd51fece579d8
SHA256 7ab91b17b3a190d0d80870b3b1f5620fc67defd66e83b0d93b2a6e105c56427a
SHA512 914e93d1654dc1bd9b25c2aa75222a5031d03363feac32d4c83766f313339fce8d43a2af214d8d3c340ad49b6acf9f054e9168aa683952116a2658cf086e185a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55bd43b714318b7ff3a97d6712845c55
SHA1 87836c2180dd751c3d818e87227e2f2d3f6371ec
SHA256 8e8183de2c201da995c4c22b1eb267b3ae1319b8d0412a84339fd8e353608c56
SHA512 47f97033cc27dce48af144a728e4c1d60fed35697f16b1c10577243fc9bb79666454e55977bddf99551ef4d8bfee95f656539a55e12bb29860e921604e08d043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 22b36ed8f44f52f35a345c5721f37226
SHA1 d3ad2fb668a9cfde01ba29acbb950ca3d0eaa053
SHA256 0435c6bb8b4fd39e54de831af3a112343abc512de888c7cbe2f9c2a62d86766c
SHA512 f7899a41568f4b29944b77865815653745257a2c816ef5d77f08635fea4c8cd14ed92f58c56c11fcc9cf24a8617834dd301d8cafac2fe2ae1fc892210dd822a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\46fe4a5c-14db-4ca5-a286-c492276cccf4.tmp

MD5 684e1e8ea7dce2794e283492c16a2e76
SHA1 761eb91a2121e5ceb937d867821ed5b3c52ac571
SHA256 5f7ea4c9e2a49cc61843ff3bf3a108ae4280c9c3d1c7708b562237990ba7a1b6
SHA512 b7736df58c7319e097622be6803ff618f0ffef2967926d223dc9cc903c1dae0478f027c40f17c512eed47fa69c92133b72556727bfd9af0ffeb36e9a5214e9f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b47e58f23dde1fe4c96378e825334333
SHA1 591e5565346216f8470e969572ee97b20d232f93
SHA256 10c8092566a01d9449c6a301a023b74709b2f3f0af0bf99323557aae6731d135
SHA512 a3de634904b2e70d25b43b188a82297b18bee70305747b04bf1eb69f6e750bb37263859d3cc2ece97cd20993a4245010baebe4ee825cb12aebaa5d947786cfb0