Malware Analysis Report

2024-11-16 15:50

Sample ID 240207-1jtndsba88
Target e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe
SHA256 e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9
Tags google phishing
Score 10/10

Analysis Overview

Score 10/10
SHA256 e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9

Threat Level: Known bad

The file e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Analysis: static1

Detonation Overview

Reported 2024-02-07 21:41

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-07 21:41
Reported 2024-02-07 21:43
Platform win7-20231215-en
Max time kernel 67s
Max time network 154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2568 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2568 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2568 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2036 wrote to memory of 2808 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2800 wrote to memory of 2916 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2568 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2568 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 804 wrote to memory of 2196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2568 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2568 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1740 wrote to memory of 2940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2568 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2684 wrote to memory of 856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe

"C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5a29758,0x7fef5a29768,0x7fef5a29778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.0.988064325\1175679854" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bc7cb58-83f2-4441-8cf6-ca64460e25ad} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 1324 f8d1b58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1284,i,4564111498188390807,7151254059830917044,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1284,i,4564111498188390807,7151254059830917044,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.1.1466466331\1998628467" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1504 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1097c556-de5e-440e-b2a3-f40707e91d52} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 1536 eaec758 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1364,i,14811822709126596503,13580577525299762553,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2084 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.2.561016670\33226545" -childID 1 -isForBrowser -prefsHandle 1848 -prefMapHandle 2188 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09360275-5ac5-4e68-a5d8-6818928ac7e4} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 2236 1a108e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2552 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1364,i,14811822709126596503,13580577525299762553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1156 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.3.1894370423\1318504097" -childID 2 -isForBrowser -prefsHandle 660 -prefMapHandle 656 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e28baca8-209a-4ad4-b506-853f30953e30} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 2764 197f5458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3436 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.4.6624356\1078071634" -childID 3 -isForBrowser -prefsHandle 3824 -prefMapHandle 3412 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3275a8-409b-4794-afe7-09b41b41f57a} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3348 2067d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.5.319515677\2132204178" -childID 4 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb9cf64f-a46d-461f-944e-6186187cadca} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3964 2067db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.6.1418365893\589812924" -childID 5 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51aa926b-043e-4007-a364-bda9fbb8244c} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 4128 211f3858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1464 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.7.1717894955\1810702008" -childID 6 -isForBrowser -prefsHandle 4172 -prefMapHandle 4200 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58a06bff-d12b-4627-8d9d-351aec62b284} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3728 20ac3c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.8.473757470\1293539850" -childID 7 -isForBrowser -prefsHandle 4416 -prefMapHandle 4420 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 584 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0e06ba2-def3-4461-8f1c-af8e714d455e} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 4404 20b28f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4220 --field-trial-handle=1356,i,17664488349830577509,2045939107116910601,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
N/A 127.0.0.1:50053 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.196.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp

Files

SHA512 829e0487904c3144de8e1ee82964c4d2fd1d5b93a7b2fee788126342d7eb503d954171b96f9039d915d542582068ae8edc715640784e0fc4faf29444ed5e37b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b699b508288f6a61a87bfa7b3f4c8510
SHA1 ffd0605b07f5e3a464860b6026c6552338cad12a
SHA256 222135d65c8d8ad1a4b37490df4474c085f03cb98307f55f6d1d7296e002acaf
SHA512 654fc13581a5b9d5be85b834058cdb7911380e1a263a2a3caf60c79f7b9b9b2d9b947bb814d637177fae7d5da9f6e688b7fd9022591768fd59cd981c8ad44364

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09d2783d913076e081631fd1c0624b1e
SHA1 274fbe7b96827bb573ab687f1b6c86ff024945f6
SHA256 ee390ec26a76157063c9ea8c164fefe95ece33aa9bc10b9291cdc70e96130314
SHA512 1557346bcdbc8bc1d8a5d511121dec53b2618baccea6649131ed8400a50774c599d5a83bef579b19008b6ecc7a49a49e765fb32690630a6ad85b4a869a29f2c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

MD5 a075545c0a38f69cf871455dcf795f74
SHA1 80e2692a2f7c242d10e404350335db3f4f5d7937
SHA256 326d41d0cddb70784faa6f58afaad1de14f52c608764a63ee0f1551769207f70
SHA512 8ba2391c291b35082500e31e6ec16155ec97e0ec5c2446acbf7e21c25834bc2c12298de5ef5781620cca714f2bc234df8bf685148ac3054352917510a0e02c9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08cf1add5f72b82a36cf8c11c92071c7
SHA1 53f812e168c059d95b68f9b00b2e19526e933831
SHA256 9040b29631610d3893b1d37512dc868b5d63d09b27db724406b00dfed11f05ce
SHA512 d6875e1e8b5262d2a70328a403f2184092e5ffc29a4b6d4ad8c3ea87b3ba201715f2e4417cff6c6f693ac648a7f5d7d6fb133945ca565301a30ab54866f49e9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7058a2fdc3e67dd115d64bb3d82f2a54
SHA1 0e8a1a7db02d49fcaaf282df91d84f640aac75fe
SHA256 deaf3cf970a34f519b72212dae22c11e3a52578cae8011dc41f875f631509c3a
SHA512 9297ae28b5808c416dffc03f67cb53718233bfc0fd5d19c0fdda55baf95c2c6bdd9f7348974c1db8f68cd50e35f6bb8b8554a981178ad285248020f44662c3e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5beed9b70ac5b44cb8bf2c4e4d07d5e7
SHA1 b4fd17460985e75318d2d4e2a7900bf4adb612ae
SHA256 e78bda5f69932d07f8aa1a1e81fb15b70909cd282955c7177622385e8e9b53ef
SHA512 38ae1c42981bec6aee44bb8fa694471980edeebb797094389e3ee179271bbb90c8fdb6743f1e38bd98c95740ad27a5dddc42d9269da145fa929e557ba5354dfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4eb8fd72557f8952d5ba7ad3945e36f
SHA1 fd285c74f398361c91a64aece71a1c6c24594f5f
SHA256 dccb7c4d8d2d71cf2ae136cceb5b07694d777be3db67a65932a4a63c51d30b14
SHA512 c37c41996d35df0517a1543063d6496e9b766f3530dcb8f41b1b8d8087101cf17a31d0737e7b38f98d5705c42acfb46ad27b7194fc4d6057a6aaff7229abb385

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d25af7e4a9577731fee4e92c4f225bcd
SHA1 a1f10b9efd6ad3f3d59a41f0c6e433a96ec28ac3
SHA256 c27e1ffdfbb69f4baa4b3d1b24f134759c01089da41fae8547afbb900c7fac0a
SHA512 4f2bddbc60135d411058dd7248eed4a2b469f44757496f43d00253a5d2333f67c2ee13175351056950c61782d9f8523fc036e9c24f0b09fbe17c15a3f7fbbed0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 04ca16f04219ab9c7a4bb4a3330b8738
SHA1 a9cda3e6434fc88b2b5f3ea1ff840d2f35ba17cd
SHA256 32a4983ffcfdd33b30bfa7c8dfbbfbcc7f043ba1146d595a5cf7c95388e1fc71
SHA512 2da212f835c7dd0be25cc7a187f837dd98b11d939588e81d265a72ea8a49debc98ce4f64f29ddf9d95dbc2381af47cd94d98d3624245128da55a7f510bd01bf9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 ed0b71316b432c9404b899b70d64a5d8
SHA1 22a60fc9d3f4dd74337008ddf95dae9291a0cc9e
SHA256 4a0fb72a09faf5915bb496a8a32c93d76e6a85b5aa4b00657247abd58e326c86
SHA512 6d6fff547b6a786053a710cb05b8b37f06dc3e23daa63d0c38f01f061680368f5a35236bca7040b1855694d992b27de9bf7c0221ed94be4794a2a1f28509ae57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8ec9b9d4260a4ab76592c9ef17b58173
SHA1 eb860a8117126a9d165a2ef6240adb3b40dd1ae2
SHA256 d2f760f1dbb4679c90be73fcecbf6d5b9216c5a3d136b68235d9f9a7d0ac3d04
SHA512 29e1ba8ba04a8384152b1530a432f9026a234d6a888512ab986e8c942426416ed7765446a73faaf6bae24b89ab9821f8d242042483d2d81333b70dc66f430852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f72434bdeec6653c6f1d6ab4d661a229
SHA1 c969b38107210ada5efb0c66405096f5790fdfd3
SHA256 c3becdd5dac1d3b9255a92b8e673630ccb494978f055d15b9c31d4e47b10f939
SHA512 bddc965e953a4b151e4031aad82c110da0ffe6cecdbcd0b7778af276b6e8bc1eed05e613b13bfbe7127b1c0427ff4987dd642cbecc82049ff85ed164e0d4f5fa

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 21:41

Reported

2024-02-07 21:43

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{F8D33F43-F22C-4916-859A-A343DAF62B90} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4036 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2708 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3508 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3964 wrote to memory of 5032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1716 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3408 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4036 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1792 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4916 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4036 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2224 wrote to memory of 464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4036 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3788 wrote to memory of 3224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4036 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 836 wrote to memory of 2760 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4036 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe

"C:\Users\Admin\AppData\Local\Temp\e434fdd3d5a73d94901f8e4d8f7ca94824ff0d4c95c7a406f85caa504a8be1a9.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90c2446f8,0x7ff90c244708,0x7ff90c244718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd499758,0x7ff8fd499768,0x7ff8fd499778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd499758,0x7ff8fd499768,0x7ff8fd499778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fd499758,0x7ff8fd499768,0x7ff8fd499778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15590145592731970603,11834818703142326162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15590145592731970603,11834818703142326162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.0.877946158\889351322" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21976a2e-0ebc-40b4-9497-7e007dcb68bc} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 1792 14b0dad6e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11241732320055842670,8852363460285800584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11241732320055842670,8852363460285800584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3207285786010755503,17050320333832537882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6131070918262984432,783084489766218614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,12495650643916321338,14914656779270197873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.1.1360488998\1454370978" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaf9ffce-b206-4149-8359-682dfef5300b} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 2452 14b0d239b58 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.2.398046078\972785215" -childID 1 -isForBrowser -prefsHandle 3388 -prefMapHandle 3384 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f911ecab-b7bc-423f-ab24-8a8b024c1f52} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3580 14b11438c58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4144 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.5.722253978\1298388330" -childID 4 -isForBrowser -prefsHandle 3872 -prefMapHandle 3876 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6bf7940-7377-4f0c-9f8e-e99cc9613cd5} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3864 14b11b93658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4984 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.4.32385291\2031049224" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3132 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc096066-92ae-453c-86e1-c4c24d7ab47c} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3140 14b11b92a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.3.711260904\1205122726" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3524 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a094978c-1b47-49e3-904a-42bf70ebf24f} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3512 14b11b91858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.6.888343041\1523953845" -childID 5 -isForBrowser -prefsHandle 3248 -prefMapHandle 4384 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0b26393-acbe-4b48-8765-a8afa6789a2c} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 4464 14b00e68a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4764 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2004,i,2459310605545045211,870760421467496204,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=2004,i,2459310605545045211,870760421467496204,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1704,i,17698732912080208781,7407918439023566206,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1704,i,17698732912080208781,7407918439023566206,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5384872820017373117,6501671464864901356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 --field-trial-handle=1900,i,5387375174251676839,14782076400640196459,131072 /prefetch:2

Network


Files

SHA512 2339b8046f2a754b31395c5d3826d6787627e5cc2f057728511972537a731764e37db73e57cd07bf0cad82b7598c30eb47a52206bdbab53abd4a4f178142ebe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 4c39438f7c048bb46c218ed97b19794d
SHA1 57b8aa8589975c2c401d6405935c5ba58ceb8c70
SHA256 da1a928318aaf194ea43568159e627466b96461bc0882b966639947ef2111bb4
SHA512 f9e5205c2e9fafa3c136d4449052e918c3b6bed85497104ba00cfae55f8222cf989e4bc1f5215507bf6a77c3f7032a8e2b2cbf3010eee240694ec793613ec301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 df4674fb2cbe04d435de09b8718d2206
SHA1 c639c65370de35d185ebf1f932a85dafefe22976
SHA256 9d220099005c25460295bb5b2c77fac5bb759ac276a736caaf7c3aa5bf7c2bcb
SHA512 4a8ea5fa810de8f34cb53ea281d2b58676de6f5e44b14141b16b4b9b3e4c2207ea7cf0a3841b0188e130d9add137ec677d558893eb41ac580383dda44e1cc641

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 c48ece6248398a3765efbe7ffac658d8
SHA1 f85ec59824398e4644abea48a94a93eca1be26f2
SHA256 953bdd9528a2914339661f547421a4386d0c729cbea0ebd5b96aabb4b798e931
SHA512 5cb36c505c01831f3b0a39c5975488712e83d95e9ccc6645ec487801f062fe11062a0c999160dcd1f0212116135e2c1ce94e29105cc69da93f7c1090432f3bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 0fe9bff34999d5057c1796aee3fac7d0
SHA1 99c4a70b4fc37ba1a20b8c4104ab8762643bc683
SHA256 ca74d4478e3cc3b666ba80f583f23578e029f0e994d30edbcf8f7fff60d85ba6
SHA512 be99eef9b258eb8a173438f1ba4a58813f8c640c880a5c62aa1a960e799d83e5d16124179b16f1171e8c2c5a8e26181ba917378264298decfb7cf085573a7289

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b12eb08506a0b6dd4f6ab2d6f1bf5251
SHA1 ac5b70f2d2a3daf1d1ab99c92e1f6b52ffe6055e
SHA256 034a21bcd7a4d7bb977011e450c1c42e2d14aee8090f2f0fa0a36065344cfeb4
SHA512 78f5099c7b325d99754e622bc5427d7de5db1b6fec322e07bebed412bd74334bf25d2ec3c5db71e64e73e4fe9bfdc4e94e47e3acd153f9900f1e5d10326477a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 7611185685bd3d51f1f6a5a2c01b1767
SHA1 11aa48a6137c11356546bba4d3de8d395be52866
SHA256 10273a73d9c28cb0f4a148124da57d6094b0cbf33496449042502cb1253c10dd
SHA512 38366263905421d8bfae7e29db06ab74e307e2c7ef5330492f999d0a61956a7083465f4ef389ab0ffbdbd6e0fc84351eab6d593456f5b4999250960be3a39e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e3159e67411b314edbf5eadd565a64bf
SHA1 734ada2c23c26fa31f25da78a39caae7bf7c6382
SHA256 0bc0b2e8c28b8147f048e11c91951b9029c30558e135d82f0966217cf32ffab5
SHA512 265e79cca4d973d032c1b6993186f88e78faae62c4a241b08ba3f66e52c2b76604b02f9055bedc0082ef9aa2c29c76855a691420d671d98e7931127400fd2368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e743.TMP

MD5 2e35966811e892be5fc714353998f48a
SHA1 48d858c8718b026cff539f0d798f1f559c5e3b8b
SHA256 8c829ef1a98b2185cdf5d1ce7b25e310693410e0a62a41faada5fbbb923e1526
SHA512 4ee3c2843ddb751073251bc0a4174f6cd366934552c8706d0e985e876b59a58b098d44608522dd3c29d491f3adb6373706a537e40139ec526c8e665b75d0c15a

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

MD5 c5f7bf392e559f3aa9c2bacc44db06e7
SHA1 280954b61306fa986e2c8bee503478a9c25e84f2
SHA256 afbc762c12509125ffcfc43222a8f342bff8d1a5f559f0bbd9c24adb1f0d5553
SHA512 ddb0c5761c94f9a9aee3d507265bd0a981863bb795169b41ec5dd41b974c39b0c92af2a422d262e09be26f532980deec40d77af1fda5c936de8eeb741a074f78

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 d8bde8bfa247660a82e28c8989791126
SHA1 37e803308f8302ef81fb8819b5bdcd7dc12ff754
SHA256 56f0a58bfd603cae12a7397d5eef83d2920da44db5856fb2a6d8d9858ad92c61
SHA512 2c1f618bc5a673b159ad541060067443368fd11b3a5ed06d4514cc32804ad66315e01be843bf147b59189a4ebccc325b2ca3d254966422cb12667746b0b69696

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 d2211971d035d27000f0afcc3eb6f4ab
SHA1 6ab38e0316b726beeb47840493a780b30ea9da4f
SHA256 e729d7b8abbeb1e603ac6334fa6aeca51240e3a1bc0c96fed128db0781c0d728
SHA512 c35096149985407ba148c4e9d4b4ecce3c016a4ec781179bcee80c1d16257f305c9bf63b4fc3419d71227d6b407506bbe98692cfc700749782ff8ed666a4bf51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 947e515dcf042db8750e880305b7f5af
SHA1 07929ca90bce23263358efc34a0cf2c9f878c302
SHA256 6a09029491d66f8d23410b3096fda32e69a0bf0fc83792f757eb736ffd35c841
SHA512 e65faea8bc8f9f0b48cff1a249e28d4883760eef52b3f63af0e09ece23bd585838b1f571139ebd270517660ae68237366c1d9875ad41cf6c904f6aa759091858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 c63bec64fc055c82ea5d9075e84b4a3d
SHA1 ddc5092e74979853571675f62c288d39ab89c837
SHA256 376f4514fcd9a35001a036efb550ac1fcd3a9ba8e741bcd775be3a8e4036dfc5
SHA512 86be6e1059a270c32aa4e0dd2b0db2d87828f0a9a64091d3d606b56963b78631128c6e994bdb66424c12ca6e5a1f4c181ac75669775ccc5f340700e4b34ec751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acce8d21ad2a7c4e2e9aedf0b602b9b4
SHA1 b75c4f0ec14429674fd2ffe0894f65aedc02a213
SHA256 dd41c2a18dcce7920458fc0403d162582d98947c61041fefbe6c4859526a65c4
SHA512 2417bae7f472f562839e9792946e4a76556cc7571b8c10e521807fbbed6d7b9bf7733f046d12fb369b9c86cbbc800867887dda1ff7efcf83ed7bc8044b8bb9b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

MD5 5c2980822715cbdfad1e3890d4cd6262
SHA1 eaeec92e6ea2f13fef6f07f0cd6ea681e44be73d
SHA256 84e6727a1eb9a4c6a0043b1aaf2f681b74158af26130a0db9654993d62b1fc02
SHA512 015bea0113da3ce60b767c0d61c30f50e7490213224005531efc3c3025d7d03aa5ce35c2a9c8ee1e324344239d08ef0613a4ffaa29f0e52c245ea4757fa7bd5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b2ffce01d4fd9e03016bf6fa1d32e37e
SHA1 8ed638d4a6978a1d9b2af08b6b767e02fa7e6505
SHA256 3804b2c74c2e1b171adcb1efa76c75e05af6726298fae056c57c78f69ac48772
SHA512 2aec0bf6d149329a7cc1010cce5baa8acca89e2711d4bfa45a3299fd52106f4acd8de89b40b36fbcbfc8b32664e40f97207b73ed691b990e8ac4d10654729ea2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

MD5 63192cbceb798864cf6feb23fe8edf66
SHA1 8882a960fddf9a9671207bf38dd9043ee36c97eb
SHA256 522b7c96c537237db459ce3ce9734ae55223c0f347f9c2ed124c6442df4d475b
SHA512 604e76f300a1b5e9e0ba8eb81b41d12d6e2b32ec2cff8a5c24f2941f4749dd9561f3db239b90276460d70983a98f7c72efd01a101294d3bef4c430a47845e473

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae31e257736fdd7bb8e45f2496ba37c3
SHA1 06bde8ea3ffc61f995fce563313ae0213d1aaa79
SHA256 0caf537fe4ccf1a07b711fc9cec890b0295cf2748720a027e528bc67644bc42c
SHA512 707947ff5ee04238d3be80961adfb4cb1c36f35e244d0bf0bd7d42a56b898a44dfa702c70cb2ae1065e2e064f7b4a2a61586a8f791fa2a12254691f1bfa41249

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c5c40715350b2b718acc7dd57e30fde4
SHA1 dcc9dc5622ad212a4c5084aaa8bd85e88d4cfcaf
SHA256 50dca6ac7faf624959755b294bc3d89123fc3a42f1ea1f7d2efe2431f565cad9
SHA512 823e2b92622a398ddc4892603ad7290d9e86d9bb404349378b0bd724c8f75164790a448aaea7e37d86e28800263980332d91e6678935190fe468069ca90bdd1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7feaa341a3231602a78dcec984d7126f
SHA1 ae519d6ce144bd14f6ad04ec9e7e568b729d36ee
SHA256 a1c438cf1168a29a7e22f8d17dca5e0365c741e559a678ff37ce1232f3b53c5f
SHA512 55dc0415ea4dfa4358baa819c09b62fec084f26467195c4835be2d5dfc438c6bf415b326db85c537f8bebc9274d851bee0322228c3dd692775397ea707eb0aff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8e3fac46d8f62ab01af39125378f6b2
SHA1 9ca8e082112ebb5b09bb2c0183a2edacb05ab3ed
SHA256 c798dd988e18462778c05122912734f4010592e103f028b3be808a6ecc018ae5
SHA512 a7bca832a0f15b4b82f8b82bc103b55416a40590b0e02d41249d4794c57b5153e9692aa38ab00560cf47c3a003fceeabd7ef56fbc5960256f3e32cb01835228d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cb057f587ba31f4004c0db3b9d16640b
SHA1 b5ceb1baaa03bfa5bbdd4e32bcdc6566f2f4d7c3
SHA256 2d85d6644d66f94b680136c1eaea2aacc4e89c523e98b8197299c4b9b7cf2ccd
SHA512 6ae63d88d884e32f2b6ef0f2cd1d9b316c9fa8c6ff6a1658c289dc5258dbd66f7a57c82b0200599ff3dbe2b0fe1f366d9901f9b7d527261ea0b0853f4cc3c8f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dd718225f34eec0431f6190674a0f26c
SHA1 9cbda51debb032ebec4cdc38f7b39c1a43891ede
SHA256 f2784e4813870265d97e1a9e506011bb674f0bb0d0b14eef96f7f350f198384b
SHA512 05eea2c763719ab1d2cffc646b9fa4e10c529918227b0f3a6e35082b3d042456c66221bfdc914daeb17d645d74c54ae7b77bd1ac4578df70854c224a2b36a61c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 13ccad82b2cd675a83eb0b6dd2d13a9c
SHA1 2998f421d6c0905178e0f39e01146cf5174dc4ea
SHA256 473c39300d7cfc98b4f7647666f4df665307e65f7cc0b3ac2928b35ac2ee4af1
SHA512 4ba460244c72a3665887f9d45bfd5ace29c1635d9524f3493c87ff82c90111094f4cd718316871360bd7b44cbe98810b68a2e9a4b192d457ef662305b88c9ec4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9371ce673d8e4ad6e1558515c7639a0d
SHA1 f3fbc80971509096cb2c2b5dd7dcd389c5114065
SHA256 80a87dc3b3414eea992bae00321e423fbfba606d53a7d6720cdc7f40f9eba752
SHA512 c2df7b8245eb63e3b967d3acf2fb74594f9a64c00a029af3e26d7db3225ccc5a758b2e15ca538aaf365cf8ebfbadf74bb40e03f716420ebd02255f53bf9cb625

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fc0d1321890484ae10b8f2e4ad9af4f
SHA1 bd5e5ce42ea679e7663379e1cd9d26fd43fa00df
SHA256 fb5cdd8efc8bb518e93f9f0d1cfc8579f4938731d6366c37a55cbfc6ad6d38d9
SHA512 89e50f00bc1b2b25bd995573b9e6772f56f736abddaf7dd0fc3d904205619438b0b7272d9dd1e3f63fecf4120b157644789de347d761c57e16ca1f575571197f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 582b83c197d71e9ce656ec7bac4eb94a
SHA1 a8be3e2c9c8d4ac9a3945bb2868162a9665c1f4f
SHA256 9d04099bb96e98582927afa8be4d3469d313860b7d8c44880ecb308951a98968
SHA512 d19054af3787f724f79a81edf4879a6451cd57d1148f36719c0fb854c8212b6d6d6b5bed28fe6d465663baa914253d6b7b8d04f28ee9bb63efaa36f967e28b0b