Malware Analysis Report

2024-11-16 15:50

Sample ID 240207-q2ypyshcc7
Target file.exe
SHA256 738ef52252bc32f4bb8ae8f205aea673b4b3ee643d552aeb1722a12096138810
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

738ef52252bc32f4bb8ae8f205aea673b4b3ee643d552aeb1722a12096138810

Threat Level: Known bad

The file file.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-07 13:46

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-07 13:46

Reported

2024-02-07 13:48

Platform

win7-20231129-en

Max time kernel

47s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E838C51-C5BF-11EE-B309-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E812AF1-C5BF-11EE-B309-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E85EDB1-C5BF-11EE-B309-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0150714cc59da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2416 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1996 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3032 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3032 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3032 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3032 wrote to memory of 2468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1724 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1724 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1724 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1724 wrote to memory of 2736 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2416 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1072 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1072 wrote to memory of 2928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 2968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1456 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1456 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2416 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2416 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2988 wrote to memory of 2836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2988 wrote to memory of 2836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2988 wrote to memory of 2836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.0.72217767\1114491375" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1144 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fe53660-0d0a-4b32-bfed-4633297ba5d9} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 1368 101f6a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.1.914574631\1511906938" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b570974-2471-4c05-bb8c-a2d01e3bddf4} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 1564 e71f58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1224,i,2666676007247721760,15096383713083170082,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1304,i,16239228591397890295,12696149710430273286,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.2.795244980\309196161" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2480 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e413708-c037-4273-9cfd-e67c4b972cea} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 2496 19c15f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1224,i,2666676007247721760,15096383713083170082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1504 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1304,i,16239228591397890295,12696149710430273286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2692 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2636 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.3.1036575022\1979866223" -childID 2 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64307b3c-bcfb-46d5-a8e8-486d06cc5f1d} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 2868 e5e858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3408 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3560 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.6.1110612142\744139407" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cb17dfb-5a8a-48d8-be91-431fc59dfbe3} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 3956 1f2f2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.5.1073751050\1746597108" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e656fb6-1f0a-44a8-90f7-1b6ee74de31c} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 3792 1f2f1658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.4.513377716\1299427857" -childID 3 -isForBrowser -prefsHandle 3684 -prefMapHandle 3676 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a96890e-b977-446a-90bc-abb2d53613df} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 3692 1f2f0158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.7.814229338\1832096352" -childID 6 -isForBrowser -prefsHandle 4328 -prefMapHandle 3972 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3b90d6-9092-4b27-8943-957f059160a0} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4340 1f9fc958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.8.506936870\2011878151" -childID 7 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {666c95b2-0d94-4535-87f6-b25a1dadb9b6} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4440 1f9fa858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3876 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.9.914998463\668630222" -parentBuildID 20221007134813 -prefsHandle 4716 -prefMapHandle 4776 -prefsLen 26387 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85a4dd7-250d-40ed-9f60-2f16441714b6} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4792 e65f58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.10.1601638794\1727299280" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4820 -prefMapHandle 4896 -prefsLen 26387 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca2b909b-d6b8-43cf-b95c-84db3b1bef02} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4908 1d38c558 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3904 --field-trial-handle=1364,i,13249615965246686054,11846510644109391904,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.11.1760336320\1310544767" -childID 8 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 660 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec9ad1a-c5ab-4fb8-a46e-ea273d977ada} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 2232 1d509458 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
FR 163.70.128.35:443 m.facebook.com tcp
FR 163.70.128.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 fbcdn.net udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 152.199.22.144:443 platform.linkedin.com tcp
US 152.199.22.144:443 platform.linkedin.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 92.123.128.183:80 www.bing.com tcp
GB 92.123.128.183:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.156:80 www.bing.com tcp
GB 92.123.128.156:80 www.bing.com tcp
GB 92.123.128.152:80 www.bing.com tcp
GB 92.123.128.152:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 54.148.110.228:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 accounts.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 172.217.16.238:443 www3.l.google.com udp
GB 142.250.179.234:443 udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 rr3---sn-q4fl6nsk.googlevideo.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-q4fl6nsl.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-q4fl6nsl.googlevideo.com udp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 74.125.3.200:443 rr3---sn-q4fl6nsk.googlevideo.com tcp
US 172.217.131.134:443 rr1---sn-q4fl6nsl.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
N/A 127.0.0.1:50424 tcp
US 8.8.8.8:53 rr1---sn-q4fl6nsl.googlevideo.com udp
GB 142.250.179.234:443 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
N/A 127.0.0.1:50435 tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 udp
US 34.120.158.37:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.120.158.37:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.120.158.37:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
GB 142.250.200.3:443 beacons5.gvt3.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.202.35:443 www.facebook.com udp

Files

memory/2416-0-0x0000000000300000-0x0000000000301000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E838C51-C5BF-11EE-B309-FE29290FA5F9}.dat

MD5 211543616bbee6e02b4a5dd20d0374fa
SHA1 d71850b8229de822fd305c7ab3fc581adef442e5
SHA256 ae173d57182a38d0a8fb84d6257205ae6098c58d2176cc891fcf33262c82ce47
SHA512 986ded995e5840439662416dab58bf18883f86d176a9cf225df905759ec765d74d24f8fe0d779686b3e774f39c2ac82d88b4d045c9e4633b4ad37195bb578243

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E838C51-C5BF-11EE-B309-FE29290FA5F9}.dat

MD5 05e029443375948682efdcd27a690030
SHA1 077bc16c6243da5aa35be78daeb7e0fadbe63999
SHA256 ecc6a06d822579a3886c4a5478cdad362011f3e9a24450275ea5d454c0f1aeee
SHA512 9ca1f58ad27e2b3f2ff6df918d84dd3f1d15cd8b733d4d433644d534f857eb89df5c0ecaa98c1b12581dcd14e12d3737b557126c5683a34ffbb16f595a48d0a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b180c0da091d658857e9784aee95c139
SHA1 12d4367363b84bbdf025e2359ee8ce3db1d9e407
SHA256 6ef5b71bc6643cd842bdc0fc3bd509fd175651ea3778d26c1f00987950343486
SHA512 4fbcc77de7de341056c25cdf5d11afc436b805011b1d8275306861577655783ff188f2af351b670e3db866af128e26709df537abf1a84cb69a2925e4c8850ff8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar7B1.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a7c63ef30bb9844f9a276721b0597ab
SHA1 a007a9fabdf519442e3c04cbd2532e5b58c154ee
SHA256 09a675afb2528c4a4babfb559a9445a5fba6a5802417e2871d313356c4a79802
SHA512 c6176f5015a699ca403742fbd926b7eaa03f4f61fa3520a5896d3a34ff4a57b2764624d2c43cc1eac2d4a149ca4beacb3e9648e9bf931150e58e94327a5e0c7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 6d977ecb6e1401d50c87e1dfb5e5313c
SHA1 4b51a2e1183b4d9aa501ef660a26a5a05f4e3d79
SHA256 a54e1f33b5c394a315cfe694576d3ef6f614e008f5d2c8b73c2f14079212516c
SHA512 5d434a96358eda70b4cf91b2aa953d773e638f446ef71a9c21dc183ba2be4503223dda6bc174ed5258a846750a8cb857eb534f0c6227fc7dbc75e9ed132e84ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 938824d7c2a6ec623137fce97780474f
SHA1 7ab330a874c2b68d4540843c8e139f0c941a0cfc
SHA256 4c9082b805bfb21b29090d8ff4a2f97c3396108c5bec6db511c6ddf1660c2222
SHA512 738058cd1f42a8c2373729c3ed4d11279a5df0a02b06c8dc24d5e063268f5453ecd7304ff35780be86162e35749cec7375c32b8e48edfa51d6ceb4dd76552ccd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f86295b537509ea62a5f2ec6cfc567d
SHA1 799ceca8ff82507a9c94d95fc7e286e660d7aa66
SHA256 b39023342eb7ba4cdd63c03db5dccf15c0ff4f11695ce03d4e5a4dc50f9c7136
SHA512 6b8d28839be10da546d8ce75b70f62de99603d7b0819f37dd3a4f1c01fab3e2e86d16d66d10760a8055b9b247cdec9660fd3df3ea99cf478846f3c0b79a2f2ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba73f2cfbdfa6934fd46279b28b4aa73
SHA1 c0c6237f4941699ac24d647b6650f18ede9f090c
SHA256 b9048997fcb8e0dff846b1ae088c3460a3e515d430ec63961de5c57381f12c92
SHA512 7793b3032dddba3f71cc5fe414ec6958cada2d2ac14b095dc33250b4f233643922110543a8d908593a4b84dc09482df1426d4a6717a978ed034e773ab7dfbd4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc2dd34ec4dd59d8cdef9f6947bd5749
SHA1 031d17b3eaf78aed23bc985d7d3998881d41f2e3
SHA256 02cb296dd05d5c78abf642e706437ece98994f13183dd1ec5b02140d79c81b3b
SHA512 60ae07044391a9c9baeef2098dc9e22397e804f8f70eb585907c38168d02d00f2d90a4a3c50bce5f8f4d05c73fd58abad6b1da6d3460229a47246bcd5d4bd6ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3c07ff2ed22c59cc74b22f2afee002ac
SHA1 1c1175e4685e9f22987dd4fbac9b210c3c472ae9
SHA256 6631f9ce02015294dc5280ea42012430e04d2f07dc9c672793ea181c53e7d2c2
SHA512 06a8b29e128229309ce0a43bba4577aa30c265718b640e8525e7e49ad3f62b9e6cbb98917891f3ec2ca682be53174344f47ef52d963f63375ff11e98cdb14ab1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ff5f70c06b4fcb269fee0613817169c9
SHA1 494c49596a770748134ae8d9a2c69ba76709fd39
SHA256 d3300191974b5d2237c95595648db0db5faa833afa423d15a95f08114ba7cb8e
SHA512 d764ccf4acce2a94889a555ec309b63e5c556922732cf909a90a186b2881be100f692c1f76544f1420ce7b74584913d2e189dd96aee5ea84a53fb241a8c0c6fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 586b2f0f226fd2b13505fbfcf3196f44
SHA1 7acacc54cbc10a1af3bbb2ad51d3303e6a114313
SHA256 823d565d66edba5fb89fd3e68c879e35310b8943b83dcdd9706c6477d259aaea
SHA512 e98091e4c6bbace7e883544b1d0694f3669dbf6f22879c0b55962ead52518d58ab89c6cc799afa483f4fbc1ea37835139aedf99c0a6454d558906926aeb73c43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b5dbfe7282fa107dce164ac4c3428a02
SHA1 7f04eefb8372e3b58810c0f09abe7810711cab67
SHA256 bccf759c3c9d334629b462a173ee04e4cc39b18e932b19f2d3b850675948d697
SHA512 ceeb43343c7123493e93828127e1c710324295d1fb2c1298f37f2c29320941a3c6b9425c7be6372c8b6f1967f827b09eb00c4f455936e01e9073b0138fcc4f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0b5f7fb1d666616db2036416eb98425c
SHA1 0b736520437601bb52a09a2fd54257f84475a025
SHA256 fba7d62962d320d42f83ea520d96857da598535c2c9fce40b7c9fbb62d823f98
SHA512 6bd752713e54c430fb8be2474d7838f99b714cb1fb1078df1a8b7e9129fba0650f30b2adb7f28963377e45149c72950e82fced98bd2c50ea347dace4d016b5b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBHXS0K5\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 5de5bee59090c6282293e9106b838ff7
SHA1 de0b605a405caa7e3b82e570c8671c3b33979eb7
SHA256 638e802e5beee338c2a8b91753c5393796a9130d24c01db9eabd59ed03fd6332
SHA512 f243be3b14d07d7e376dc9a4e87e419e8b4cf2de9d09a6a27d10ea687ee2fdcd41f39c319d754c64bf4a77d13b1990d31a51b87c559718b0c29bf9be6be6fb12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 a2a4d4115f197a39fa1f8fb7b45ca3a9
SHA1 6c2ae448e5b0db9e97240186b9521959c01f8ebf
SHA256 af2ed48dcf4d5792a88cd6c0db0a5b98c12fe5d987e7a5a76c241dd02ca57ee0
SHA512 99e70c3e0e9580e811b36d469498f2f99a04ecab3cbb88ea7a7c53f77133e8ee4a3197f071cf4493e25d03c51cc54b4919870ee56c07d3c61f182adfc97164a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cb422035b1427ba9b14fd18ea38c5865
SHA1 1db12b1a2c5d637fbc245525ba8e71982a56dcee
SHA256 8e464c6cecc5081080f5cad0d4a61451a273fa7aa559b2cef4dfc4c4d527dff3
SHA512 ffc8c99c748b5ddc90fa7595b8d94330fa16318a4198bab6a8f9a6f5b6c535fc0d46ea2a0de10100ff606f559b74f2c937e700fbc88f5daed421baf55c144791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7889558bda07a148284195db218cb84b
SHA1 82932a58c8c823e15ea8aecd00cb243f742ca333
SHA256 f176084c69854e766e2cb93d9b3bf981c43cdd1e7abafe574e34cab8dd05d5ca
SHA512 33f403275dd0eeb19a00a842c898f721784c7ff88e3817642b4ff1f3e92967c5cf1f002ddb6006bb8642b912b9f55e468a44dbbb13d8c1e0bbbeb58311abaa41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 c59f813e4a8e77a0849bd5c16e00e06c
SHA1 8c930a5e3ece4f78d62c1b3a77395d05f7f0919c
SHA256 3571288369cebbb84562b957729dfaebc7cd5627e0e1f9c25c8428925abe93a9
SHA512 c6c783570154557ef370b61a34aa958dca781505459ff32b7270a07db194bdf028a13011f5758e01883ae45617d5ee317b6c8b241bc0785f8b95e6a83430cac2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA09EYJJ\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 f6782e018937d2de7ded6a35f14e714b
SHA1 037d5acae4df9e374a0e8d50d2cb114453d81527
SHA256 92abe3381040ee35c4b520a457ee3ca5b61c68bb3c9b86453c0acfae8f65f596
SHA512 56e29d9feed5469d3b1a97614ddeee2ec33089349905246c753f67eda08a4c43c76b7770142795133c4792548374f90ebf93c2b7d8905b693d78d76e46840b32

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YLLXJ8IB.txt

MD5 085c5b5522de3d9d2c9e2665b693923b
SHA1 095b08abf5bea35028fc43dc86fb8cbafeab3be3
SHA256 0b31152dfca652dae6c49006aa0400eac039ebbd1641e455013d188802dcea07
SHA512 439ebfc00c6752ada364b6c4678b845229b0e36b0a10e9775fadf443770f7323fc85bbb70a4f51d0430c46de776cd1fb4f6a8493c586280fe274977223b2d779

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 e7632ffc136c2c9a3e20819ab325d8a7
SHA1 3deeaca414d6ac0a9e3825d391dfb6e3d4525393
SHA256 1225eac2e767f642b0b23909bfca6073f08cc3e7ddbaaab2797382153d7da852
SHA512 d63b606a7ea02670cdede526768929b80fe2eb580ff1d43acd09a3c7bb1b5ff9d06ccdc31a6a61ea218aeccb8bb8d78fc8d0211b1e1e182c2055acd245496cee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9c36dfba64f80135bb5df74043469d5e
SHA1 9944aad8b176b9105900c83d969d8c00c33ef407
SHA256 0281d0d3944652a7f6083ceffd2fa2cd5dd9b9b23528fadb02bac97fca0431f6
SHA512 d455ec7bb6a4f7fb5339ebf0c5c0ea7717987c4250bba33970ea5c91a937f24427a2512607ceb04965cab4c5484b7551394ce9b6a87a9a475fe35ca4a5096e8e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBHXS0K5\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 cc4d960daab1dce0950b397b8fd58fa7
SHA1 091a85d4e8eba4ba1bfbd3681dc1997b36d1a0dd
SHA256 1a09deeb46bce2d025255f8845f3dbf80ce3cb645e59c3685cc2c80edc47a302
SHA512 0357ef128b63bd19c2426a27d657774ea9b95aee8edc0b5829054f65bf35bfcf35a16c114af15c4414374df13f768153a82827d965aee26334141b043be32e00

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBHXS0K5\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 9f74f98982158d9d9e4dfacdf1c634cb
SHA1 eca97ecc8124088e1ae411e654c3223db1b0c881
SHA256 c1fb66d048660cbb47ae83285805e43185111cfe174b404f8d9add100c56b9d0
SHA512 7bd727a2e5d765c38fd7d93fedb14636266e5a1aa162bc594828fc7bb36c788d59775e10851cd4485f0e985b698cf523daba575735ebcb073b5cfe00a1e02375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81eb2a768fd8831aca85d62b797d6a7a
SHA1 3f345b58f08351eb00093c299e8951c14d5862d8
SHA256 7fd0b136662f97f3343ee3d8872a9aa31fb9096d0b48ef778549cef96b2cd3cc
SHA512 be39f2de0ac4c9ddc8c699f786f10b8427f00673d5068d5a7cf9ff297df5a85d3ae3c8ff07b19310c711307559783b9d0a8b4ab510c1c78568334f9cfe034021

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 446edfbc85a0c242e1c5419e300ef053
SHA1 bbed1ec5d876986617d608ff53269386d742eaa9
SHA256 b9a3382ad1530ded334123d112bc0ae4d44accbcc1125d8a56580362f621c051
SHA512 4c6e37c24e7da2ddaadf12b281e9a200aea1a6beab7028b21d070ebd3c7c518c2297f40490e56c316214d08a65a097284f2e5ea73e0dfc7b8c003efec0a514ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4f4f01b9a30d84b2f1984155459bb69c
SHA1 8a6df704485c6b464c3517b401899894b5f1d824
SHA256 985e7fd0e1a2129c0bde2fd19319c8cfe63052181e5d7cf1c36b10b8de52b5b9
SHA512 5fe0869f6cb61d691c9bbc4694ee24508a25cd2684d4b448f6dd30781c54b83812eca65d6a652b53ffd9f76f2cb90f457f5f026710bbb7ea0be19e14a467addb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2416-1132-0x0000000000300000-0x0000000000301000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fd594fb3d522c7a9f8c0fb3a5681ce2d
SHA1 49754d03b252e227e501037d3aafc0833dc55b2c
SHA256 606ae4a11c4621c74b7b28c56ea91c7eed02bdfc9f97b55ac51744b7ec1b52a3
SHA512 8e28213f3d390d706bec610924ddd1158ed1980bd5369c4791d5cb78baa96ebff86f9b647ac1b02b93220117803f539870b037c93aeedcb1a6796ea6b84b3312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_2144_RYEDFEBOZJLJMHAC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7c63f585-0f4d-4133-a163-6c0117490e4e.tmp

MD5 74072778684d0d62b2c0b34d4bbfdb57
SHA1 206d064449637e868cc4a5b988ec0ba1a0b3bd7f
SHA256 94e831c4ea785b0ac9fded14e8c79d381a2d48afbe626dd926ecc2799e5d403a
SHA512 689aab877390bd2f27d76dad1cb93e2e50bf15548db00155aafb34eff45aafbe6052a2a3f9e67e5d691ab752a11c9eca94e48d45d0901fe89175140177c564a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2b670927-86de-4868-91c0-9aed6aa4490a.tmp

MD5 578eee6f672e539f90ee7c8ae185ba25
SHA1 f9bef3092eafa817fe771c5769763984f3d7ba7e
SHA256 635e120bf605f53d9371e3eb35df3219e7e55e6c649b6c42c1cb966a2f5125da
SHA512 79fef8073a75edb8c9849602b501818e9f4f71e20a4b486de40fb5da4ee944b9991922df17b342750379b7f56dd06c463217f996e377d7b6f43443552489d8ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\84de61df-d3d1-42ed-9031-d40ca5fe68cd

MD5 0cf66501a1a06eb03fdc8227dda3ebd8
SHA1 ae11f10177cc647d5afe8a45a47b8dcc5d89c7ee
SHA256 8a907a721ce18c4fce1cf7461670e92d19ba5414bb1ba1f5c18594440b593b9e
SHA512 732199584542d20e45661931ffe7c9fffe89b0445b61af4e0ecb3eaa0f956b0222c740419ca876edbbf661b44dd01458ddd766397d77447e10ef7a71ecc996c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\db\data.safe.bin

MD5 3b01deeb0ddc3ebbee7961d1453a4b47
SHA1 f876c76807f46a5434197a2f94294dc376c6563e
SHA256 6925f1fd07db47839f162bfc8de8113f63f39e52ceb1e938539fdd38ae476e2b
SHA512 5be78136ffe10f8e2f0abf00f3410d1f62d26c2208340610d5933ffb9f16ea084f1a7c064b0b68757c34631eed292ffdd2e784be33a33759df6186cc0c25d54f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\datareporting\glean\pending_pings\dcce820b-a85d-41fe-913b-6a6479df97a7

MD5 1e7d1635e2497f7ad2096524d0d73918
SHA1 cc530953c26f4d08a1fe1634169e3c90aeecfaf7
SHA256 d934540c6c9357c9f46868c922e32896bd9a7a49f9aa09b19f4c823ebb7cc488
SHA512 fbeddae385de60fc4cc1172f5324fad1a5a957d844767e44276eb4aaaf090c81433ba49af5687c5cf33ff421c7636264f3a1c2a4ccb03e8261de0df1f2ba32d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs.js

MD5 760e13967de59ccf8d5db40c6b3e8289
SHA1 b571c5b8ab6f98e2b9645fbef8205b0ee8055036
SHA256 7130b10c3cee09e3debf622d3a120997c48f62e67d669e5080cfd020af724506
SHA512 8329321a0e91c149c36963873b08e796d6bfd35c7d025ab3df1017523d19644b8f61519b39f0d884964d8f0bb3f7790d04da241b822088a402bbaaed3a0c06da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 b2fb6d7b23dda243fa2ded7e5cb62641
SHA1 45956cac6655e9b5ad0fe5db10ec025692d8d257
SHA256 a8093fcf6320f1fdcb1b87dcac698b0dea8836b6f5db0e315448767370eb68c4
SHA512 dffd742c9ab6a80205ab7e71f5b11a4078f6e7c6a7c639611a2458ec102ad975691b703213191589542343246c7dc93041da381c2839e8fdbcc09a062ea66d55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 90f1be0db882b6e54ab9d61c671a76ca
SHA1 59c0ce6c17cb4cff14f3b48a0e3a19f5892cb5fc
SHA256 dcd15c16799c628de3f94df67ff98e0d926eab3a25130a0792cf41a1f86e7992
SHA512 afae363bc896e8f67b3eca2eded502b76454e52ead81b75b60392ae1af35a6563cf1fe826b64a6e92100779523a522f1bb796642dca3e397700741bcd30a1b99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf768d13.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 7611185685bd3d51f1f6a5a2c01b1767
SHA1 11aa48a6137c11356546bba4d3de8d395be52866
SHA256 10273a73d9c28cb0f4a148124da57d6094b0cbf33496449042502cb1253c10dd
SHA512 38366263905421d8bfae7e29db06ab74e307e2c7ef5330492f999d0a61956a7083465f4ef389ab0ffbdbd6e0fc84351eab6d593456f5b4999250960be3a39e5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 0fe9bff34999d5057c1796aee3fac7d0
SHA1 99c4a70b4fc37ba1a20b8c4104ab8762643bc683
SHA256 ca74d4478e3cc3b666ba80f583f23578e029f0e994d30edbcf8f7fff60d85ba6
SHA512 be99eef9b258eb8a173438f1ba4a58813f8c640c880a5c62aa1a960e799d83e5d16124179b16f1171e8c2c5a8e26181ba917378264298decfb7cf085573a7289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 c48ece6248398a3765efbe7ffac658d8
SHA1 f85ec59824398e4644abea48a94a93eca1be26f2
SHA256 953bdd9528a2914339661f547421a4386d0c729cbea0ebd5b96aabb4b798e931
SHA512 5cb36c505c01831f3b0a39c5975488712e83d95e9ccc6645ec487801f062fe11062a0c999160dcd1f0212116135e2c1ce94e29105cc69da93f7c1090432f3bfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7be4cafd5a0e8b2243165e53b613a921
SHA1 ea9d7b18496e50b5c071cddf8c66c19456a90d63
SHA256 d7382de454c26f393d0d6b7de0a63b6e4f941b1e3f3a8bb4ee30f19a2b2eed17
SHA512 395ba21d9a1389e588fba9b895a84082d119e3aa0cc9b53f4751a58a6af3a927c2895f13f73ec18927fbcd3b7344b21985c5b1e23a7df35c0781e5cb93fb6690

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{367cf146-ee06-45d2-b9cb-e7fcbfc62479}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\default\https+++www.youtube.com\idb\3615650373yCt7-%iCt7-%rcees2p8o.sqlite

MD5 d4b21917678f0501f01664d42922d7e4
SHA1 2401ddd3c15b1245bb4794ceb92ebdbe979c9e62
SHA256 c0c761ad5f8c6ddf39ce022a29f1de4f8e356d191f887102a7eafdce86f56d5f
SHA512 1c351bc554f6fe01347f6ef26ccbf09210fdd7b65d6fed3f359cb28577c46d05d1e2f1f7908750cd6cfc45f3b75898666d3c9fe8c79693a5fea1115e4400a49f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 eccdf9c240a2af3d0034af7c75dd65f1
SHA1 807eae27c7b7d923f8504af9c364666da63b3ef8
SHA256 027276e61d1889414273c562361878a5fb5c053243f77f3881bfcf3a78d35d6e
SHA512 f170e946e0e84e3335f8a05d365d45dd4107841568e429508a76e928b5d702e117dec5113d6503b600ceaedc89a9e71fd6edd9d1675adc7134e7e04d3459b4e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 154d4ab0a0e0bab86b35d95a8e31aa99
SHA1 2a32a7572361f1fb7cbe5ac200bd80a5e6411460
SHA256 4a33977b4fa218a34cb28af662eab863889e086d9efcf277237c6f876f3dab6f
SHA512 6f72bebb6b67783e4622bbeec2ea38fcf89012285519e669a07626d07d9d9104c06014530435d459f9a03123a67dd137d9094a4119c61727450450703d8527ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 67dc5d4760e8e1a4ed6ab1c437d8d389
SHA1 982c7c51653fe662b685a8110da7d7ec7c95a211
SHA256 e73f0e466105621b79ba383d6629e3d3b18ca5b4b2749bcbd9934a29f241e2bc
SHA512 72030dc301dc9262deb7d41d5345ca3cdd6d99cf795d87e7e2b24df2250d6e267f1ce4b9bbaaea69cff3425d3ea3328d6204a7486fc314e28b3016cba3c406de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf031ba1e86835613d90a1ea13c4ca35
SHA1 38756b56cfe8f3af7dacb5b616776010f16c2e14
SHA256 3bc706c55165937252ffce85f603f334e084a9617a987ff13cd6cdf2f2713b9a
SHA512 df8eae09f54f349cfbf0b464f00c3483b445a299e6542812d6291ebdaca813e4b1aab6fe7d72f0e6ba13f464dbfaf729201adff7ac4928a4660bfbc5e62d4566

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a54481dc174b047864c3831bb047f09a
SHA1 eafbd3f13e6ccba232057eee5d092e30721c40ac
SHA256 e5c1be00c8ccbf8eda6c4fe02021490e8b9f8c5457d386dd26c4cb8994f8b811
SHA512 68579d96fcdc875b41a761cc8766b40a492cedcba2897af37a616e6c64c7d1e1688e45ddaa948631993988ba42141d9bbe0b39559e6386b149f50d497e25c2d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 685c43be14589cc976a8155755629d41
SHA1 f84434d07fd12c913fea8608dacc109710b2441d
SHA256 3798c7cba487783129f5b27a829e966d26bcdf01f8afd3b51aecd9a78c1b58c8
SHA512 a6c6b4100814a6483c3d286a757817930f298881c43117ae4e72ab384383940fba5b773245122d1aacd9155f1f39894033e0c74958ca8bd80e5ec8b05029db1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cc407f5fd28da6a4c447f1e2f035929
SHA1 a6c31ffb93e7ee359100feeef4751b00485a590a
SHA256 20658290d1b2e194dffd00b0ab8deb102fd37c349990496c0533444cde5bd2de
SHA512 5b8fa68880d039944e598309c9f28d67d9de5b92d4ea07d62bbac61368b222b2aa8c87f2db4033c44df9c542541b992f0c2af2cb1734033984b65fb6c8efc347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa3753b3a839c63143f867d5147b26c6
SHA1 e2914cf58336f3e124ad52908d3bb2dd1508e643
SHA256 69e16ef966da55580445702cf33c86e7dde4f284638e335a150252b680ae4b4a
SHA512 0c0cc996da753c9e64a8ecfdd50425f1888e3eaf9c0d0a51dcce02f5cafd635a31123c1f91160da89a5252830cf125a975bc59cd607701b987392000bf27e265

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99a6d9a88da35704b5607e0405ccabaa
SHA1 99f58d228e3838f674a461cccf6670ddbe7eeabb
SHA256 1cedb127c83165c8a0f31d1e3a6b6f4e7e5065692b2bc8a0e9411adf261348c4
SHA512 dd55b4dcb89831b1f25e263464d61c64cc2caa55f7ce26b52306431094b630399313d099f0331c02845be246e3d2a8489f51d157e179a439d3d8441a8e285170

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9217347a19fd9a9b00f9452c393da65a
SHA1 36fb240f32bd3f22d4fa1f9f1ad0c35aab7e81c3
SHA256 166cca48ed653c615bb334857e1771f85de69eda87361e6a1605cf3c8d5831f8
SHA512 98c6e6be98ba5740aed8d3b03f396da0fac472acec4056873b7b792fefa079279e5ddae031707243db3a5efcbeb7307721b47ad76c7945a697e26a4af325c545

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58ca89e4beb58b809563a8a74183c15e
SHA1 0919c1737d4692404fb051b8d6917561eabfdc5f
SHA256 7c632956c291fe39b9e672833e96e5c1dd8954217507c7e17d5f95fe2ede7968
SHA512 ba0255bf67c49c80bdc4bca00a3b61d66ee30fe7c7a64cace2712448680677b16deed6daf504a2add94bdfc43f8440d549e6eebb81a77e0eec365608bc078485

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86ce2fa8a04116864c1c8fdc7a220d9e
SHA1 db44f80dc400591ada9b6a177418af3d2b2c0001
SHA256 16691e948c8c15808dbd0efd397de3c8d7bef088372228186f53f2ba24f44103
SHA512 1e7057b6663f84a0c0e3a73fdb0ea26ef76b65bd8aed173d786c9e248704ba8bbc4bf9a78c6231faf0c20f712a1e84de70d5522e10fa75866986f68da89678a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27f5b24938b8ae294c11910800ad295c
SHA1 8127fe5f41ef08168301629c92e21d26b33ed920
SHA256 815552be9235fddebdd6cdd48e85ec8f897d68f9c4deb999633921ab057640d5
SHA512 5d852c7029d2d8295b2e7fe03606610078cb3469b11ef0e14e7c4fd17f52560b4db3ec447996a1f612183a1f7fab1a856d6663ed15cf389df4cac12094019360

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\prefs-1.js

MD5 0dbca47abca9e31031a53876266fd225
SHA1 2d7ebb154dd3ed186620d6d3588560f65242da5a
SHA256 2bc03783ac91c220ca602de91f48aae5dfbcb52b8aec14086cd3475ee83c11fa
SHA512 f96ea1f47f5bf15fa94178c606cb265f53349c15f50dba896337e57c770597b44d4d5003dfd8e85f8def1e2e00ee93f8b8356228cac20ce5344141af7f825f18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c8c8c15-5a6d-4bb2-bc07-af15757cb87e.tmp

MD5 9a842145552e1d970ee73564fee00a12
SHA1 a7b63c5a1daede91869e2cab26b52c782448e177
SHA256 3c7827ae262827bf9e785075eb00f4a9d21f278d7fb805f5cf9c091baaab6e2d
SHA512 9f74ab6779af0e59e83e3fcc7fc789dc3e93424e6deaf4145e5e634146b27dbb6c06a610ef57a975c7c18f15cc77f8cb8f0aae525876635e15004558d41a1ec7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 46f8ef3cdff9f2ec41cd78b55c82d791
SHA1 941571865a1203754b370ed843a3a4c56625e690
SHA256 56d7ce25410be154b51d4b166f681a5ef227767f807fdf5d29542b1606ce5b5a
SHA512 77ee559f5e817deccd68d5d74a198404a89ea0e311178345cb163aa70af9debdc0e13cd8c0ea3e54198b574f5ab5e5911cc9d77ae9cacaedad6325f0381b490e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49c97fac441740ecb3a9d3cbcde637b7
SHA1 b8f3cb5c8add38fae79b88aa82bd3b3be7e60a7d
SHA256 c8c2e397004f9054253237fea754c468b0acd57467ba04079222a0b22e0020d9
SHA512 85ffb2cf0d9ccbdb3b976423350797d0cdc0c176c48e0519ad94806c024ed4b63c4736bc07fafab7412a664cc06bbbc4a30b0f3abd8b1b193c17106473bb1618

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\olrckem2.default-release\sessionstore-backups\recovery.jsonlz4

MD5 56c0ba07e05668f3adce348020b325da
SHA1 3f89e218494e8dd62f3e4faf43a082138ea5d323
SHA256 36c5d3ccf6b907b66e60317a192befee8861bb9d44f5f76bce637744bac19e78
SHA512 d42fbad3b63a4238f7204ab67a52ed6fbcfb20c170cbbb6ac55c0a5a036bfbf18acd838eb2ac30d9030c1dfa4e3a9f2b401e747c24002f4b1ead75db154d1f4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5fb1865d719f447b967a9919a20cfaf1
SHA1 094a538341f9a4e7aecdd112b4bd5bd7ad942e93
SHA256 c56402cf857dd6b59e940735cb4166a4034ac816617ff742cd2566cc36e3ca0a
SHA512 1a9a0f4f28225aa55fdf9df4f9e3c85d98bc3a31c3d9c24a3446cccba757d6b6bddee80493a3e607d9f87cd0ca6809049ef3cbfa9d985a933ea38c24a7e9061e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 522a29cfef59080d8f2ca72fbc796562
SHA1 4056e80e474a9762424ee913d735660e43747d71
SHA256 7c8c4ee9fbaf1e9751b4e5979cb2325187e5088ef97e2f7baa3c3b3e637dcfe8
SHA512 0e81a0351345680d9eb02b31362d76307a50eee9da293047b511f149251ec8accd28408f1911c0d3c9b52d09083bc473dec270b0aec44627fe637f5edb982e22

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 13:46

Reported

2024-02-07 13:48

Platform

win10v2004-20231222-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{F0781E04-868B-4E8A-8C42-1F7457FABB9A} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{FE4CD926-C748-4D2F-9363-50923386DD9E} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5104 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1676 wrote to memory of 1660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1676 wrote to memory of 1660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4024 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4024 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5104 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 4320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 4320 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3300 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3300 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3164 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,253758962546987970,5730222445369205548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,253758962546987970,5730222445369205548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,54086602548762386,2613583242347970750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.0.545477520\1405752999" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72dad200-5a71-44b1-92f9-1f19f5f53f69} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1952 20b972d6a58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,3178587315859202528,12838629304638989152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.1.532875172\490624711" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d2a2a48-0fa5-48be-b7f5-5e32c0478903} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 2428 20b971fa258 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.2.1574036998\318456255" -childID 1 -isForBrowser -prefsHandle 3440 -prefMapHandle 3288 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26042e26-ed26-49fd-a203-9e38b7d3def1} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3512 20b9725db58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1888,i,12153828446540170858,14147006241115337152,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1976,i,15106182599078191262,14539675820212960184,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1976,i,15106182599078191262,14539675820212960184,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.3.1905157220\366434620" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3212 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdb0dfb-f0f4-45a9-9599-9ab156d1b397} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3376 20b9ad8e158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4144 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.5.2010527145\1615724369" -childID 4 -isForBrowser -prefsHandle 3880 -prefMapHandle 3884 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c04bfc6-b921-4650-baa0-a6670606ab37} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3376 20b9b8e3458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.4.740874470\320153513" -childID 3 -isForBrowser -prefsHandle 3408 -prefMapHandle 3044 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {759ed57a-54a9-42c5-83d3-54e7537b5214} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3304 20b9b8e3d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3496 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4864 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1888,i,12153828446540170858,14147006241115337152,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.6.697329722\1542358082" -childID 5 -isForBrowser -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0023c7-d3b7-4311-9035-edd7edb92865} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4800 20b9c99b758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.8.674717151\1769429418" -childID 7 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0226f967-5bdc-4457-af01-b46f711e3e94} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5680 20b9e16f958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.9.168707872\1360721513" -childID 8 -isForBrowser -prefsHandle 5820 -prefMapHandle 5824 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {625c3ad9-be6f-402c-8be2-ca19c9bdcabd} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5812 20b9e16fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.7.1001917538\1936296299" -childID 6 -isForBrowser -prefsHandle 5464 -prefMapHandle 5444 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d411828e-914d-41ed-abe4-3761208657e9} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5420 20b9e170258 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3196 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.10.278559057\352748347" -childID 9 -isForBrowser -prefsHandle 5224 -prefMapHandle 3788 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c35191f-27b2-4b2e-ba15-73d8c6901c82} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3868 20b9de37b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5868 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6252 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.11.518650683\632448933" -parentBuildID 20221007134813 -prefsHandle 5444 -prefMapHandle 5636 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6390d9c-0f1d-466a-8a78-87291a0edc07} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5820 20b9df8e758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.12.653807915\1628189277" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6272 -prefMapHandle 5444 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2f1cb1f-71fd-4c64-92b9-085c82adec13} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 6284 20b9df8e158 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.13.1912104080\1435809967" -childID 10 -isForBrowser -prefsHandle 6604 -prefMapHandle 6600 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7297bf5e-4151-4c23-b280-c1a672d26ea1} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 6612 20b9e7fab58 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16590145120954716016,17209134084843321074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=2008,i,10451035503273333375,13161877801579518532,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 13.107.42.14:443 www.linkedin.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.14:443 www.youtube.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 52.24.144.241:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 35.195.240.157.in-addr.arpa udp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
N/A 127.0.0.1:57594 tcp
US 8.8.8.8:53 ponf.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
N/A 127.0.0.1:64093 tcp
US 8.8.8.8:53 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
US 8.8.8.8:53 127.144.250.142.in-addr.arpa udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 8.8.8.8:53 udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 74.125.3.170:443 rr5---sn-q4fl6nsd.googlevideo.com tcp
US 8.8.8.8:53 170.3.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-q4fl6ndl.googlevideo.com udp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 8.8.8.8:53 10.141.194.173.in-addr.arpa udp
US 173.194.141.10:443 rr5---sn-q4fl6ndl.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.173.125.74.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 142.250.187.238:443 youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c48.gcp.gvt2.com udp
US 8.8.8.8:53 e2c24.gcp.gvt2.com udp
US 35.206.35.210:443 e2c48.gcp.gvt2.com tcp
US 35.185.21.228:443 e2c24.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.200.3:443 beacons.gvt2.com tcp
GB 142.250.200.3:443 beacons.gvt2.com udp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.21.185.35.in-addr.arpa udp
US 8.8.8.8:53 210.35.206.35.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 12f5ea17522d20f57cfc7ed287507d1c
SHA1 683a34647d67a7f0db4b48c8e5ab2bd96b1ae58b
SHA256 25fe9a74a26f05364d78e4fef7962b5509f562c825da977bf6ee46a31e2392cb
SHA512 6ba3e8a3b7eb2fbd8edf13571a7a430b334dc86527eb4368ba3b8c2e7bcd24073cca99677ddffa633643046536bf7c7516076a9018f7b3c7c63a9f2a26de67c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e71d66ce903fcba6050e4b99b624fa7
SHA1 139d274762405b422eab698da8cc85f405922de5
SHA256 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA512 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bb2cdf82802bf69b297c9fae3fa48e85
SHA1 f26dbf7984929197238377b2b3e37f974447448d
SHA256 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7
SHA512 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

\??\pipe\LOCAL\crashpad_3164_ZJWAVWXUHDWVPOLP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94d2e381dab1fee50d1e65c0e471070d
SHA1 2da6b8a13094fa1d17afeb34efe77ce49456deb9
SHA256 01651838ebd37417c19ff6950fceb019ef7340c915b990b60188f7f3e3fdeb9e
SHA512 d08b891352b5e2c47c4d4b5c995ce8bf64dc135b309422197be6a8d181646943b9836a64aec2b3f0f59d8f9ffb86fe5e196d84d2256af99bafa33d7aa21e345f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 50d5fd646911371b26155e781c834f5a
SHA1 1f0d6419e8276e2179ebc1edf3dff4d4cc29f7e0
SHA256 b9d30f06a0c4ec28b49d15ac453cf7eaf42a699808e4de09d27eeb5f8eb15eed
SHA512 ef79b0a05228adc51fd1c11682de0ba4f413e0bcecc9991467679dadf0b57ba0eb5d1585cda7ebb79a36868017ff0f1b7920b57f0336bbd8d94287b2ed52f899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82f8def66c25b62fdfca08a0b6b4fb26
SHA1 79d68affb1a245668dfcb7fb91a022d9f6534e42
SHA256 eacd2f5a00a2c0341d19196cae66aa091204ee230af2d0be45f63ad4a83e5d33
SHA512 1fd616ba92a72da5a7f6002844f1b07bb7039e7d19a076b3eebd12463f88220105f1b1985d4f367dd8676150d7d6a51e78ca1d4f169a64900d2c711dbae09609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 322b8811d0899dbd4a7e061a30e9091f
SHA1 bec66d7573b83759010cc275e4952420195e2f6f
SHA256 e35796a98ab5dece24d2376ec72393604c98e98ebf7911da0a36d4209b5d5393
SHA512 582104de2563f4a282c859b9d84374431710d57bff620e41e2efb7bbed419777b54ceec18c380f2bf48683509d526d6fd9b8d84976e2dae47172b87124e28dff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 21d6f97db4e232570452e123d6d8270f
SHA1 b842473c9d19677576f4d9f448fcdb9651d3a2d0
SHA256 8a1570de0c2673be33d673425883077b0d938e7052a2bbb9a131a919817f2df2
SHA512 23b31e0beaf52c6b4b75739021b47120f671e04d5a27c17f7b22d5b1a2016c09ba25c3d0d03876f5ab7a8fb3cd1e2c6b3e6bd7c56485d52ad783e00e893a5213

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f3481512cf1a21c44cbe12996bf8f977
SHA1 b750945ca84ba161e175abe1eec0131993b262a1
SHA256 b1f1b0f0ff63b81bf636706caa8b9774a395d95cb21fcf98c74f003b10d97250
SHA512 ca8ab851017a364b1366ec8dfb1daf68ef81de9822a974e79d4774f214c4f683dc91a147831adea11f1397915dddbb7577d375f6f8d07f4589077e1752a14925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\cd9187f6-d6c9-4b4f-90bd-2afd442c9449

MD5 b665f6b8502c46fa11da7b53e36ba928
SHA1 7a9f631271cf815b109c16947e270ec4cbf414c8
SHA256 b9251d888658404cef7267e95281d471ccce8b6ba9d30a5ff79c25661c8979ce
SHA512 664ce71b6ea3996f33bd8bb4a58cc5f2b9499e5da1064a63ddf4941608ea0086f6891886ecd69258c86e81dc29282163ee41a9e8d698d12e3d2d44ce32782daf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\c19828eb-c724-407f-8c31-dac79363ae60

MD5 61a4f30554ff49d21934ad5ac3b04ff5
SHA1 b7028b4c4d9f98d1be260553d71187462ce2d441
SHA256 717ba333e1576a9f796cbf9d3dd4494f7fc68a198c06154209bd275b4f0442af
SHA512 7d82f885bc9056fad3417786bbe2bac8c12448164a5c5b229c0e070f16459972f757cb969482f4fddc8dc4b7f67278009cb4a40d4d859484a8d98caac462ac63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin

MD5 df05a48ab60ed6c6f07490ae110e8f1e
SHA1 eee74df99455570d55bee34a34a708a703dcd546
SHA256 d0b2f4b16ace615e3e1f775bcd54aefc388ee088b3ab33f2b9c2220ee4a2aa80
SHA512 bcbb4c8ae9870c4ffbbfce1c32a5fd0d8cdd5910382815748ff6e41ce6a0d0c57f62e26a0cd3081aa88edf458d4211aea2b63f100bd42d9f8c662ccbd44bf534

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 12073af823007ae20c7b3a14b70da94e
SHA1 6f38b90eb5ecd0ce2f3ecdbe9f18d7412e5298ce
SHA256 d00f5c773ce637e3514f0c74ef1d1ff11a371cc5be323fbef17acd3835e3c6e6
SHA512 91df4bf86a99a79e9e60f2db6a1107af73fafa273c9910adca1e804f63ee81970f5683b460e85c56fbab8230cd8d44e55c294b2cdd17f5ec61a31e900c3b9c38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

MD5 6cb8b0855f610c1c27f38e45453a4639
SHA1 16475cdb53c39d9d156e17185335031e3f2d96a6
SHA256 55952e6896b5bd5d15c54a8a1fb33311394b015def823927019298facfcb5fb7
SHA512 14f41fb8a3d463308a94347ac18c3d1be5c90a20799de97b8aaa003ff2c8286904364a600a063315760e4374a911eedd8407488b3078680dd952d835bec47328

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bfd3c851eaad13fde213c401b6de2789
SHA1 ca43072d9e8d327bbf308a668314728b5eb6727b
SHA256 6dde5a897b8cba46dd48020bb25bbd5e726bab5f643387eaa9fdec6a50744992
SHA512 56fe54611877e9bc867c3cadddd1f56c0e9bcee3023b82c635d3c4156f54594254c0d4248c0e421568c771231df0e7545e73547106d4862188f763af89292270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f91a7292-08b7-45e1-8ee3-fc9804ecec10.tmp

MD5 87750b462d023234077d7a1ab1c4baef
SHA1 39b95f105974135b88ad76084809e8940b8c63c1
SHA256 9218fadf68fd70e580a91bb3303876bebc17e3957e9252cc9c80c37b030fa883
SHA512 2a1b59f2a7354fddf53db774baa8ab82048116d58a9654750d5639280e0e5d04290c7171fcaf002cac328e401d8909f3793985db2d03d702323946105edee186

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 c9423250baaca689a658e83ad4e8ef07
SHA1 6f36565a46bf02d9b68e65c9e875cc25edf03061
SHA256 323d7f06064dc2c80b31e35bddd8665ae36627aeeaa3fbe0481244b4496f59df
SHA512 43d98a7af9b63311e91cc1edbe4f85fda0baad69610feeacc1b4622b4e80e7f8a1fadf1de879f5b7fe98f1774fa8c620f4b10002972b78ab97e2292be745ae10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8342084034ff9bc23e7bf9373f08d3d6
SHA1 70bb9db884d41d47135c0515e3a1d3a926d9e9d6
SHA256 1bce108c71c2ed309928aadcba15ddbd3ff58f1e908fdedf7b3cf652ef10956c
SHA512 7aa1bfed67ea0ef8e426d5525f981fb4da9a6efd9e0a034434b196771681b1357a1dc99735c0e0154324acb1135eb971f8db87315c2fd7b064746b033ad2207f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 db33c13aaf6ef7c2f3f497e2eccdf54e
SHA1 0e44bc3f7d65b47ecc0a5aab6bd0951099115353
SHA256 fd05652b0c5d4c84fc3734863346132b7ddcf60b2da22341b95b4dac0b930a18
SHA512 af8f6bcc700b545d50f973f3982a00047492e002e8e0b81391923daf761bc5bcdef18ea70c14ab71d3be2b7d883614e9b4818bf951aa4ac2c64c0825f8ca3bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 fba99d267cd5bc0cfad4f65e9eddd176
SHA1 73cd8ca2952a9a2af3e53d2d2186246cb7347fab
SHA256 eaa42cd1f21ea86f48f8e4d8384033ebf1acc0099b4b16ccdef3df3aa7e9ccf7
SHA512 60f7d184c2afc6c87a2770aeec02f77f0d46533396e44a504b5f6927149b65082ec29118bdf156bad66aa45ef4f0e9193eced122adb6441a290cbbccb3c8bc9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30135dea05fdc0b77013c28dcd935172
SHA1 27eb27445d303fa4d81c8b8d8c03d7c43536d071
SHA256 d138ea1f77742044a8f893c793283f71b543b220f02c6154bf92e8a9c1daafe1
SHA512 ce5a6dd53a212738209fd008b24d415d0b4039d51b16d6f07dc88202dd9aca644514bc49a0fa846ee28f8763bd36ffffd3c56fd750a2df5d03e2b82f84b5d2d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1b1b142e24215f033793d1311e24f6e6
SHA1 74e23cffbf03f3f0c430e6f4481e740c55a48587
SHA256 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1
SHA512 a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad936ea75d445b0b35ccb4f1f61d23ac
SHA1 2681e7ae963f384dbea6c34a57d0352fefb2c459
SHA256 1c508b32ed2dc9241263736390c07c2b64673918d150e6c855a21c92edee50b3
SHA512 ebd335e037e45e4d9cd2b1fef29b565dbcbe95c1c6b47b2bb6b72c3fa3fc89691ad62f5c94c720797977c37e894d11f2a30a4ac458252995d1631cad5f30bafc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 8b5580025c84213dd5793b39474eaf73
SHA1 725efde782b46831cf4dc2f509726e0a52ebee4b
SHA256 dbda4bf9448d8700a08318c239c2bfffc7649ab27a279216131d289c5c48d8f1
SHA512 6dee4b79a43a7bdf42ae3db64a1c26dafedc9dcd344722f07a93e33d9327487bd754570a06a005db21ba497c6ef80e73508d772e6d631ca9df6ab2441b756957

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 85e52e08a8309ca0939cc3138cda0e17
SHA1 bf7857c6e024f0bbac7e370a560462f527134b96
SHA256 e4d1c795850c21c832ca71eff2ca69fa752664f61eb1fde08f64ab82537b3260
SHA512 2c2f0077fbaad76d0ef4d700fc687fe8aa8a0aeadde6bbde321cbb0462fa0c7786e8c344c2009004f14f39eaa60e4a52245312eb5fe43e9b247fa253ffc34d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c73141596d33ac0471ebfe3ddaa2bedb
SHA1 b3908dd95c22c7014a5a9aaee32a9c7361ee2ff5
SHA256 d501e8a16ae5ad7cad46c1a0f42bbe2b9a61936add27e189d279d84e53bb36d8
SHA512 9a12ea0b1a6b0d310badde3234ae654f99c62a0505bc650f8692a32b77bedcc5873825adf65084a747c0fc4a5e8147f6e42170e5e8a24eb1c45b520e043a9729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 09669771a406b60b62b161a198e46566
SHA1 59b8fd31bddaa4b535fe4c13768bca3dc023d3f0
SHA256 71ad351ad4c777c29f07da3a383b9f450f8fd390f18e6a23605d72d5c848786f
SHA512 f1391aa207abefbbf67465f0d65b01f0ec89ce5bc5e7907efd4077e24e1cd384b43c0a1bebb9360770f63eeefd9a3eec94c216f394ebc873597f9fa25d265dc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 e608f4c70076f24e1481947e965f6470
SHA1 cf21a9fdbff23019f2d81bf9f14d3a7bfd5e03aa
SHA256 14bafe237009fcb566a2b7e862dfb263b0c4892ea7a6daa9a7cebf53af243bee
SHA512 322464c2d384268573c2da509dedf2801a1413f44110ae56b69e3b5607835703df6f3db8d9e9a5bc4ab5ac49b13882f002c2d45ea4cd1eca5f738567ea28a8f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 6a2d775d769277612a796454b727f404
SHA1 3180d339a289687eee1feca7e6cb6a08abb48340
SHA256 5dbdf64dab17a3b54845fb68a6246bd9b5f412eb4dc836156ee68799de06e77c
SHA512 a29d2b2cd0cf7f7bd92fe9e0f812e0f6ec83a5a295afd5e8dffbf3d0734f7befe02e1c80dcdd28ea7812bf274fda6ee580e2dea5f90f74996a6fba1269738a7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 dab178354ece497f84556f18eb90fb1b
SHA1 374f1bc8ea25bd0d13e40022c4baa9df21f47696
SHA256 2e6b5e36f335026aafcdb89ab5337aa4891def42681f5bfc2205ba48f863ef52
SHA512 74c0ed4055cb442e385f2c8da7dc975384c097e8a8cf53192b2de0edea02f34179691170d947426e88270ea501e97c5b7ebd8c6be16430614c66fae2801324cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 13a8b0750d71b461d1ce47a07d253539
SHA1 7189bc963f376a39545e633be60ded65b8d600af
SHA256 6b93a3891c4a7f315748043ba35422471ba985c9d7a67d9597cfab6f29782758
SHA512 6161c7e3f9e735faac5519a51d1bbbc5d8e5ad93394575c265a30f6fe3d7ed148d5513894c594b305481931fdb05054a96107155da9dc6a5964535f6ee4bd889

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 4c39438f7c048bb46c218ed97b19794d
SHA1 57b8aa8589975c2c401d6405935c5ba58ceb8c70
SHA256 da1a928318aaf194ea43568159e627466b96461bc0882b966639947ef2111bb4
SHA512 f9e5205c2e9fafa3c136d4449052e918c3b6bed85497104ba00cfae55f8222cf989e4bc1f5215507bf6a77c3f7032a8e2b2cbf3010eee240694ec793613ec301

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 a0318288dc558d26022c275054485b12
SHA1 62a5b007c872909c4588bb598a4f34216a363464
SHA256 14d1d1946c5546f82cd6da49238db10945b37d2b75461fd8b322bf8afaae0a7d
SHA512 2339b8046f2a754b31395c5d3826d6787627e5cc2f057728511972537a731764e37db73e57cd07bf0cad82b7598c30eb47a52206bdbab53abd4a4f178142ebe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 df4674fb2cbe04d435de09b8718d2206
SHA1 c639c65370de35d185ebf1f932a85dafefe22976
SHA256 9d220099005c25460295bb5b2c77fac5bb759ac276a736caaf7c3aa5bf7c2bcb
SHA512 4a8ea5fa810de8f34cb53ea281d2b58676de6f5e44b14141b16b4b9b3e4c2207ea7cf0a3841b0188e130d9add137ec677d558893eb41ac580383dda44e1cc641

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 0fe9bff34999d5057c1796aee3fac7d0
SHA1 99c4a70b4fc37ba1a20b8c4104ab8762643bc683
SHA256 ca74d4478e3cc3b666ba80f583f23578e029f0e994d30edbcf8f7fff60d85ba6
SHA512 be99eef9b258eb8a173438f1ba4a58813f8c640c880a5c62aa1a960e799d83e5d16124179b16f1171e8c2c5a8e26181ba917378264298decfb7cf085573a7289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 b65693482680d902651207e585d54754
SHA1 350b7500a9b255669d38a6d6ca0cf808038c7767
SHA256 4c60d0e17bfb7fe53b6f4881cb5f92def77a64ea36fc7b5c0522498f0dccbb67
SHA512 399c4c77b4bc79a08745dfabd19f2e9978099adb2af42b1fc8fa40506a9151950d972ef71c0a7e4797c3a27baaaf67f0fba75b136595dbc253cbf2e2ca378083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 7611185685bd3d51f1f6a5a2c01b1767
SHA1 11aa48a6137c11356546bba4d3de8d395be52866
SHA256 10273a73d9c28cb0f4a148124da57d6094b0cbf33496449042502cb1253c10dd
SHA512 38366263905421d8bfae7e29db06ab74e307e2c7ef5330492f999d0a61956a7083465f4ef389ab0ffbdbd6e0fc84351eab6d593456f5b4999250960be3a39e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 c48ece6248398a3765efbe7ffac658d8
SHA1 f85ec59824398e4644abea48a94a93eca1be26f2
SHA256 953bdd9528a2914339661f547421a4386d0c729cbea0ebd5b96aabb4b798e931
SHA512 5cb36c505c01831f3b0a39c5975488712e83d95e9ccc6645ec487801f062fe11062a0c999160dcd1f0212116135e2c1ce94e29105cc69da93f7c1090432f3bfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 221404bfd6e9087de912579e2c6544fa
SHA1 1722a5e59090ca56c3614f61bd3ae5c1f9c8e4a7
SHA256 0b099973af22d95dc995109a6e226b8d37d76bc47d201b45568c253e361e2ce8
SHA512 433c96dc215442d0b114f17e43549d527251ac2cfd0595d02e7705b2dc1922b574cd3986999eb2312bdd622447edae9cd2ed902371870f5c7d794c7b99b6ee98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 c63bec64fc055c82ea5d9075e84b4a3d
SHA1 ddc5092e74979853571675f62c288d39ab89c837
SHA256 376f4514fcd9a35001a036efb550ac1fcd3a9ba8e741bcd775be3a8e4036dfc5
SHA512 86be6e1059a270c32aa4e0dd2b0db2d87828f0a9a64091d3d606b56963b78631128c6e994bdb66424c12ca6e5a1f4c181ac75669775ccc5f340700e4b34ec751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 face1ecc5aec14abe1dcc702b5fcb197
SHA1 0dab12f960f136ed43d94f74525b0f301cd6760c
SHA256 ba7f1999977344dd193b3d64b3e83456c9b4be111fcd7a9b4f910570ab67c89b
SHA512 f1ec3d503bc9f44eab460fbaa8e701c2293b272eb4d9c9b246441069d0a964700b89a6e24dd06f55c74f569b8c60eb75c6287864ea3c4f99c54b3700cfc5cbd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 02543cfac13efdd046f1f8fcd39f044c
SHA1 c8e25cb6f2d74f267e420de9c143f93ba3d1a0ed
SHA256 30d96389cc64ee9081fe551bc44e2c972cc19a46fa130d9ebdbcde4151ee6287
SHA512 2c616a585c71fc2b7e9f4317bff8e029e8147991e5e8ab36351a86f3234e80792fab0749156e79ef450e8784377017d085719ad0c087f9d00fef928ce1daed23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 8f4bd41786c69c3cf1db25535618cf92
SHA1 8b8d661beb765bfe795350e0317158e6f074216b
SHA256 82ae70a08a59b30df4ff65ce007d617ae80ad9f147d0a20e302988217817cc45
SHA512 58b48e8a9c65a141617b7d133076e1ee788e64abf355475cb7bdf90b6f6f1617be55b74ff50005cbbb41ca5096fdaae2f6b1e2c8aaa516778da75a56c57544e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 77083eb8fa88159c5419d7f83485360d
SHA1 bdf8764a299c5d8aaab362c580323fe492f073f1
SHA256 24daec4c8c3d583df9dbbd3ee1173d0854c6e9e8fb68f24e73bfe157bf09ff0a
SHA512 91ed3bbefe3582e11eba0e2ac48550614313fcc9333a4bea2e3a7f20e26f2542b3fc8d9ca63407f2a8c73a9290473740364abf31e80f8586c0ec29ea1ca1d52c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be4eeef268415a3041fc4de648a970e9
SHA1 0a00cd400992245d66a6167ac56055b9c19a886e
SHA256 303b865f2238db6e9dd522123aed1382163587b751ea950d0f4aac065c358b95
SHA512 1f7077c1dd6b612925576ce2b584c6bdf5f9980dfbac75f0b73aa3ea9cb917892d070334350cbdf32c0dbe5f7a428f0e72ee30b7f948168df7bca9b5e3b5528b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 695f6a0faf655565d8b12dc90d440175
SHA1 22c98aa8b2a77ae33707dae2d09b0b93ed5d474d
SHA256 e46b5bf4aa90cf0d51ae6c8fd6e72057a0451a707735e3b6a3b6d1c78fe0e9db
SHA512 efc5b197415a83c82ba5df5dcc15e24e8550a18d3402c898ddacc6e4b308f66d7ff233198ad975e6f76769b34b51b46e81e7205f2a89d0c6729b068c4b296d7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a0e3.TMP

MD5 49101165754ae416e2191c69b489ed57
SHA1 a9b4daecfe921f5a42ff871e7a43e489c01379a7
SHA256 0cac134b4c4dbaa0e0b42ad4262113eb07057788e3ba6bcb18eb277aac3d081d
SHA512 5d514b6f1fd9a12595c7bc2f3bee2bd9248d08ce6f232a5ec2c790e54e0d34d242baadfe16c6f365f8127138203fb8c6c9f944c40a43e764156c296b1194441b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2ec549d4144644a17c5316e45574274c
SHA1 22691e6d00cd09cf014b87a40248a175951aae88
SHA256 0e4d1e5ddbc5a183e0898c03e44181fb8ebbd2155540bc29e0992880aeb21421
SHA512 8038c01628250f85586d79f532427130f7eab9c64c8ebfa0283544d22cf25f642a9ffb481e8c63a73141586d13e64fb0b96fd6410b86ab08456a43b01c73294c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a587.TMP

MD5 787801bd1fc96ac3822eb9a1d5bc0400
SHA1 5ae53cfc7b71ffb26a83887423bc45e060444674
SHA256 d8fd06ef020f6117fa065f0f8199fc3454475bce8fe488788b0ae427032bbf59
SHA512 6fd829df6dee72401818a7626d97bdfa4e29274267d3a3a22c8392049123f3f067b562bfc14cf9f31fa0457aff31fe7f2cf8399611e2ea309949b5303ed403fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d042aa9fc6a8a0bf1124e138db9bd0c9
SHA1 8de06ef4da13cd587433f4d24da04e93e2e4c9ee
SHA256 43e34698e41ea249803b1ee200461a4bdee7cc51c7000322fa466ba679922773
SHA512 060d6d1939a7b50fd03172e0ec94f34430d0e462126ed2a4b6043ebbb51f38fc263cfead5420513022d1630eca41d4b216c3b62da0da73d5f7c2c460f70d4a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 43e64ede249bd234422d1519c5283f01
SHA1 f8b22b9b8fd0049f068708d68d11bfb040840843
SHA256 ebc51e046b4ac8c66720f606e9e4cc4e571fbf797e1014ed38de6f8fbef601e4
SHA512 be5beb61517a16517e01a36bf959f5fcfc743c35aa89f7d266583e1ddb5f978bab10af3c805bf6afb11be09b966a21ad491d411753eae21f1b9c1f197cb0c38c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5122efc106f91a119c265bdbc893faf6
SHA1 c4d07d995aef10bb11083f49cd8f55c9e9cd1c48
SHA256 0b44ed3086e6232941dbb8ad6ef7e316b80a72d9fdb0846a84b4603e8255e09f
SHA512 d0dc2b4f9ec5da439e58d480b75601973354331669a07f24e87f4c42d5261d2f3d923903757f49ce3dd49f294993df494951d705663efb950c08a296b3db080d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fe5e90842b055a459843a75f8ee30c8b
SHA1 07d986398aa5a881b14f3649bb1667f2db0f4368
SHA256 432f9896fd5af6b6af08624333e840591ff036ed5e8dbad0143918a63ca2f9b5
SHA512 0b0f1211f2c85de9adad4eb245cc96cea6b7e9b3e46b0b3174fe7e8de0075dd4976773af4bde1436fd592f946d642af45acd06bd4426322d52023387c28ad3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0d9ca56b-c117-43dc-8cd4-5b1ffe6164be\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b7c9b71cc6dffa4c8a3cf99c695a5a65
SHA1 35653de12f7ff7798ed1308ef6632ede9a5cacd2
SHA256 cb420e162f64a4e970d893b708ae6ef7541797f76a7955db0a1fe0ab4252d05f
SHA512 5bdd1d417b8b79d99c9ed6e38e681a44df979628a8381038195ade6841af30ee62bf97960e55b27668ec3bcc01f8eb5945b9acd21bf1d9e4baf5ff657a393acf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f451ecbd40e34621b00b0e90163e64c3
SHA1 b1fee9079459af88d6a81fdb309f0e4d3b1b408c
SHA256 de7e18c79be07073c2bd2d6b60ba173df156ef549f46f26b9dc53f1a220fe7d4
SHA512 025d830c7857c45e3a84d0831978a1aede82abdd464536bb7137418723d8929cc4f848924af1be77ad5c857bc74b9c3bb0adbde0859cc2f1f98ee78c9356c609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 40ebf54675935aee14520b8aa974e026
SHA1 8453cfd1e2ee9c498bd32cc5c62ee38ae2a0dcc6
SHA256 40bf18f0512715fadb11c824dd48fe37fe5fb6131a753d8a87edf829f7d14c81
SHA512 88cd1f09a646f4e7cd6ad53d799138e69ea553c15dcc04f58317f2871ea507611ad8d2357b4fc17d2e36cb73f514883a93b0920b0507ad9b23a38c050af40847

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe57b12f.TMP

MD5 6a244c5400d9c4a4c7946dc4dbaad713
SHA1 336867ae61f3d0502d884e49863a3271eadf5803
SHA256 a812a4c3dad8b7d505a638a5cea6aedf3fc7e77fffd337247c80bc1fcbc0754a
SHA512 da6eb11a332fbbdb4b149dae893cf2d24394b342b057bfe6b8505bd6da6a0d9d896f9c96c94cd680c9d0fc467d24176a389d7d70e20c0371670813f6132e9570

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\102\{99071cb0-3e73-49fc-8c04-2e7afd9ca566}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\idb\1044455559yCt7-%iCt7-%r4ecs9pfo.sqlite

MD5 c85ea051d77d1d5aa9d268212e4b3d51
SHA1 f63a732f0b217e7b3527b32f1df0b143a00c0102
SHA256 73be61583019bf5e7aaddb5e56e71fd2aa2424a75d2ae0eb9bc833cac7baad21
SHA512 10edb9d488050ae797ca7e6a70052e346d8da06d72e5aa9324527e2cf96b170d52c4a8e1df1635a3f56bb8c24fabfc16cb11d00dd805aff48493be316fc6c1e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 73cc2b12577493a3510500b4eec2e192
SHA1 52fff8c55dc3e9fd9252141b617ff7399c350898
SHA256 04fbb8ea447a9c0d3d3af88593a0cd74ed920a74f21fa498a92f29977eaa4296
SHA512 34764c6aed605ac364d6f20b3febb888fe8f4e68c7faa5eb5bf269bf8aa9c355f608709b2150acaac18939218f9194feda12b218c5db34e5711ad516ef5f5423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 29bb3b6c2d997a911887ff15b45bce75
SHA1 b840fce3ac462d3eaa4483310190c54dc8d861da
SHA256 a4101236aac2428c33c1ac8805b22fc297db6dcecad764381767f41851c72f91
SHA512 3f4d55ab72b5bc81e04a6c184004da9b10ba26a9ec02f4a351461007d9927c86cbdca7ea7e41b34ea8af6ab67d04c689f9ef9410eec2c405b7c63782d2bafd15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\249\{189d15f8-a5e3-43d6-80db-13da069107f9}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\44\{8b67c40c-cf15-4f80-8f99-5d34b220172c}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\43\{e0425d67-199f-4bcb-a326-07d59559162b}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 9379c523100f98b98eec7f8c7abffce6
SHA1 323619521fa320cf4dc811c76267f134571dd62d
SHA256 eb6c873f25370fd6edb21e9ac4133666e2a0cd7f4b6bbd5398b0494f8418a9de
SHA512 4f9ca642a7ed8535c567a3a48b2e30a8e13b6f8a6fbb21fbca5d32926d6131450bf27452bbea73cede1828249b6cca9a5c0db6d31a58aa567c21dc61b2467c15

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 e2e159485bcc610b88b34618907a2ce5
SHA1 b67ffc511e9b61e76336f0c2a0f50918be89b1fc
SHA256 9269cb01c0ca51001ef6179d8730468f6c0ea512bf29ff6b88e2a7968294bcca
SHA512 95d44a1fb049ddc3f9cc0572bbab323c1578d4d06c2dc62c9363243e54a44441e080e73693f47563fd97966db0ad60bff1e174e047acd25b7c5821256eaac2b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 100a2ef8915cf26778a77a17f3f90426
SHA1 000acd689c8198a9dcbc8a98d386b86d66a02afc
SHA256 0a1b042afa93131239872c877993b80d0a77e3cd7a17b7a284dbe9cf27d0d7de
SHA512 c310886bb555e3543bf67e8a1b221e88061f3524f3c68e2f6a3ec58988b2ac682ae2f3a5cbb64954676c58ff1ae686660184a2fb49e85e130db0a5206f68d5a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\28\{2b288b77-8ed7-41fd-bd19-24e0e9a70f1c}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 eaf87ec4ed961c908e3edd2cf6efc4af
SHA1 454670243ee381339ef6264e91ccae24db4fab56
SHA256 52470fa552b6520a3dd792255f2edf4b79e13fa5d0814f6253754bd7d65702ba
SHA512 e98730c07856a5ab09ae4f8ca7a965e4d0a865bc55e642ee0305cb306e32d45312df718a7d9c1fd53ed3c8a38404a96b84e14c8067604ec3d0f6631805768efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1541878c19cab023e10378c9bea8eeb
SHA1 4c9362f792fdcff0e57dec5c87731319efbf115e
SHA256 9cbf2c7b4eb5311afca08265490d2209704d29066305ead6df6e9a5571b42c00
SHA512 1afa17f2327ed7a5c6e5ffef7f0da757092ee0ae140964a5ed2017837f35a4887973f4fd4ffafc1730d20ee726d0e386a64d2a429809d5cbb0adb055be3c7234

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1dec1eef393b7e78d344f6e688fc2468
SHA1 79794dc15c897115df979d084af8f31c282e3361
SHA256 68965fcaeef19e8cfc2ee4361407d70209f68b24e1b2bb1ee53bf2493ada8750
SHA512 2da091d1198f6d8cc3f6e889f23cc3faa70a458012e3a257cb50f184d7963d16131915c07c3d8712d14351a9aabcb098ff0813e2de99a91776000cb9763b381a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ff0e7ad39c17d82e7597e6d5babb655c
SHA1 c93520e1219c1747ad4e8023f7f135e0b7b08727
SHA256 ad72f7e8a41fc47044bcfb5ac8b540265d1bcb48f78b36613f9850a4f3d1a6c0
SHA512 1c2abfc2b7cdc49f23e16047d0d3d9f90ba9ace9d0ec7178863505b089cc00cfabdefe80f57200172471906a3754e2fefde64bdf39dd536c0d688629c1d6e0ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f414.TMP

MD5 2ab4a87ef42239745cd1c90d46cd7b8e
SHA1 d663177fe15a14b5adff2daa19c68b1223045829
SHA256 ec1d4aa491bf7ece45204202cd1cff62b1445275d030b154b3ff48c6a4fa3b36
SHA512 cbd1bfb9d7e2cbe439979f05926d8d0b63477c9e60db78068550e53fa64181edde91640aa5b7a0fa94cc4cac33ba01d1fb2fec057ad581f79c8a68e876b43093

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 52f843f0c4e1ef927281d34b57e14487
SHA1 7c57568f5e11a7794ef92b3a29f161c07ce7d775
SHA256 2c5ddef0133bba043687ac5bbb12787779e981cc182c562e199fa9daab95e3a6
SHA512 ea27ad09a6539e4f28da5ad881281540be972da8f27fa72324bb4808ec856483d5e2a972466223e9aa19bec5a884f31914ef9a2c8cfad21251037123fde310b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fb1252f8fb00424bb091e0ab8eed186f
SHA1 8eda32ec98262852c1fcf0e32f021b4835b6917f
SHA256 12fb24be5faea1e49eb98be48b479ca1549d8c507605ea9772f60a06d2b942b6
SHA512 245cfcc328101ef9e21def44362adcce22daa3fc957407e737c4004dcc05c426ba3ce7eb71f93ea9566b59df980d832e8d34c829dfdf2f75b1e8d518deba7dd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f918a979b8b3c90a4a78d1cd2d8ee525
SHA1 a8437064f290a00c7abe0528f1bffad130e7c23e
SHA256 758e3ba80d874ca88621e25a2363a6f1be7c8fcaa1fee156f9416a70ef64a6db
SHA512 d8b322cbd92dd24fe7804d8f2358a1376a811da287170068ccfa2233fdffbdb4ee8ab8280a83cb85b0412f9dd2f5e2ff3c0b905c796f8861f10b195948f69d3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580bd2.TMP

MD5 2176b28b3afd2a98b6bc5bc27101969a
SHA1 da8e59d193e5ec5b62846145b5bf9d9f378a8b92
SHA256 aa3c4ef8f31cd26e9ac8766d3e4a3553a5d8247a033036711e9401a1536ce38d
SHA512 10bc53f7db8b15bd59c47be4aabeb73d4b7c8c276c1e4e8b0ef7a1e0dd781af11c260a87ab58b4b491e1d43be7a2fe4c2bf93fb5ecb93df4aa33724f480a048e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 22ae5400adae93ac44c6e266da1d7183
SHA1 f39c3dfb3d2fd4eae2951aa9d4d05d294a8a6303
SHA256 b40a80adc5f0403ff59b4b22f28a75c6c48d4e007082c972b25c27c276d2f246
SHA512 645c01f6972b136acedfe6312836b9c6291a933c3da19ec91847a6cc130fae15727f6aa1ad209ed7080289b654146326b8a8f93af8702a6d7e124e065852acc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 2488e434cc8cf92865b8811a18ce58f6
SHA1 67fbb910f1043557c169d68fb9857dabe6cfff40
SHA256 784467af974e02f584fba9191ee85b75a59ba5c5bc599704fc5847ced85157cb
SHA512 5f857c8596c65e4834dfdcf934e89728618eb5f757b9383d0c058f509d14522e113fccc453ceb62d2365b60dac6e3ddca92fd0f9bcdabc9c84451915452b0d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 93639bb887fb7b4bf17e9aee538ef501
SHA1 09bfe462e88b1c6e54c6c9cc7480bd8c13d86800
SHA256 0dde2c98afd6342ff179623af993ecd27a9259dd44b43c0ad9be39c008dd73e4
SHA512 8625574310b655183c714823b3e768c9595a450af3af9a889ca3cba2671eadb289584834a37a087c2b3efebc95b5193c64f876d4860781a54ba16ad9fc4ac0cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 3ba7e6919bc260bb6ab523197f2be3e1
SHA1 ce2d7fe3aa42d99d733266d023f6aef3766e7785
SHA256 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818
SHA512 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 3b2df667a176193cba046f74787e731d
SHA1 0525109b7a249a66df8c8eb7d24b49852cd076cc
SHA256 f38e1d77aa0173d1c110ebbc24f55704f74d28b33c70302f1170c1f4213f611e
SHA512 f6a90da9852126be776f2b7b488e04d8ff3cc6e0f4b222e1d9fb7aa2c938d586d4c88150dae1fecc24606c5a80270eb7c70ca4286a0efd2c2478aa2701056ebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64cde518de166fdc4e430293cc78cb19
SHA1 bf6138ae0d41c792f3c06c7641cf6210cca444a7
SHA256 04d2401d285a936114c5f2091d80662989107529f85bdff9d6c501458033f3ca
SHA512 203baf19f365974f3e29032f467ab9514b831f9a77c1e98ff027a2eb6cea96b657ba3bfdaed3649cf72bd724824b7349a3c05b4cb6df9066d23db1ef83c8f790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 347c6fc5bb0494da831e42ceea866c77
SHA1 0dbf0fdc9480b42f915b050dd75f4b6be7af3969
SHA256 26bd17d6acc1cae44f58c9a011f30f7190997d0bec1c5ad1960528b0d1785595
SHA512 ae5ae4dae7253e36dae1379072b455e39e1b70b27ddf1a15b702664809d1eb68909a6fa16b4327056f63be8b776beaa492ba900b017e2a90de5bdf1728b992a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5936474ba0dbd162527f7542e19ec62a
SHA1 c2cabcea9e9bd841ad4c089352399f77303a9f16
SHA256 e4e2ddcee97839accc2ea7b6f1ad7862f4c4d28c38dbf02aac12d5ba073b7cef
SHA512 fd9881e5e6674e87b73d60c15e2f377502ae2787268f144480022f0f34657ec1d015aab354e6f60962a0aab329e6792653e03544a8d787422c97549378bf6e3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 48715e6a0563bb950e7a62a54a39bdd7
SHA1 a2c90cdfc2f5629361154e0c1ff8468b8e82ab94
SHA256 e1347d9e39f1eae455216a6fd1c175fa28cb9134bf359d0eed1a68a692757336
SHA512 860f59f5aaa0ebfcd4fdbedcfebd4bad932d6e696ef216e5a3a138b482e8e39eff3d2b32e87748e9c25fc090e801d5e84c20129444e52c12d3fe0b134f690f25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87333b51362767d8fc78b3be10b200c8
SHA1 f7ae3f2ff3ccde8e197c60caf4b988cb0a762136
SHA256 127196a1405a4ff23c3a0a5b50fde6616691b92eba9a0e4e7fcc7e1b9b33fa18
SHA512 ac3a4e8167697f3ef13aedc419d24889a8252c90307c4b683ebc79c018db7f73f1e9a1e06b16e814ff80f814bff4ab2f0ef2a8f16f874fefabb0a2f497f37fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 5e1d4d1d01809539d740e5bdf23c8d95
SHA1 a0c948635d8e6cc99a08d75ac1b628c0bce59d5c
SHA256 6f1ef416154f1ad8752a1cf32c8a51ab984b6dd40e4244b66343eb76762f3b86
SHA512 01be26e4141d8cabcbf90fddc56894a6d4c6f4ec8f82629979c0ddcb21609b8983efd3c505246447be4cf7581d2d375345d1f412f9d563c44f1ea2ea8b9cda74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 052062436e7a6cf0a35bb90954e55d42
SHA1 6458e7917330f1690e64e8b911f48785ac01b636
SHA256 74908f89acf606bfd0df9f85d71bd17fa193a178ccdc292b28daab90a6870dd3
SHA512 29ed55de2d3003a30e92d927e2ec3305209b6ec781559f45cebc798f4439ed7522d49df1499fd01818eba0e44823eda08fe36db39237840c8c1c0e69adca935d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f0e4f11a0d3e4458ea80028da4c3bc5d
SHA1 4ccb07df151c54ec207f30733a765b5543e51c9d
SHA256 4e4364dcdc5a420c3b241c12d596a9f0bc5d1fb433d766dc520c4c6d886e3e42
SHA512 b0ba4632c3df80ed9c32ffed6ce26e6621989ba0ead87b01050d772a484e7808eb7991a744fe80d304696662995ad5c1569c467f7b6f9b6f24090bdb09417398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 519d1e558a46053afebac0aa732dd790
SHA1 a30649cd2094aae24743b0249e7042ea4ecc2a4c
SHA256 f63d39e8db990d2e7102a0fbffaac6e1f51e3e374ffc61764866c36d3c7110c2
SHA512 94840eb9def2f29ad5fcb089369dd4457978563b375f92c6d0fd1150ec959893bab4ce148955f325b9c8bf2b6b17941fac6736d00f1a62523a0b205c3aef60f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3bfc921108f16791403daff0ac857e33
SHA1 622668e447f5c4a8920b6be1c44af820cb1e2882
SHA256 36dcbfc5eb614b97af80baa3357c960084c4034f03dc9ab46c60ca78e7eb28c7
SHA512 e659bbec3b83a7f51296ecd3a51a38bb268916a354571cb61282c5c34e003883e2f96f02b781a96e6c33650a44b7d99b0a8d2075fe49404954a41f63aa26ef2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 aaba5e872ba07d60f556b78df854279e
SHA1 93d1494959f4027195f527db143e5aa89d60925b
SHA256 0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c
SHA512 fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 bbac7bb99faedea9a0cb17dfcad195af
SHA1 409312e9c3a5eaa03f2c8227a3693e8a6dc850ff
SHA256 b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3
SHA512 727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 98352f977fbe02dc114c6623fe68cc4e
SHA1 c7d0ed0c59de93b8f6b10fcfcf5c6e263a2a8881
SHA256 51e49888a5a88dae20f684c1d89038b48dd4807b0503ed8100b333151af2b075
SHA512 c4a70f4b57e817cdd98fdb66a67430c922fab10d104ff27b82442d78b201b919f2e2289f1f491365d62fa9623bfdf2b15f248f2638347accdd6e8a3b50906ba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 81300f98a5f11ef30ad338417985e352
SHA1 0f2f7696c4cf0594d4b158a3969a0f1d9bf02a2c
SHA256 404c302ca7356ca7ce6fff9bfce5bd9f7b1e25c2563ad069536501103cb5fd4e
SHA512 d5e0172bc9a82bded0c3dbee328c9038ace4a7be9b7effb596c1089ae1adbaee0352311092468f214b9ff86ba2297f421d8f0c9c44a4ff3bf58a49becfa25788

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 dd79e6f6a17afb8bba9194a8ab55f817
SHA1 edc696474a064225be1e7c1a60b41b5e45f37536
SHA256 b1a7e6312b2d1dfce1878251c192de202ef990728cff439bea840320ef550c19
SHA512 3ca3ac5ee8c930b292c103d718939470bdcc31c2f58906132f162a81ca50f7d16457247f6c88cbd44e1f85aae7ab2ab00489720b6e3fb2f0671dfece0c33dff4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 105e5691c658abea3e641c40837602bd
SHA1 eb29fd84c7b4f1ea36d204fe8d0f3e168778a185
SHA256 2bc7cd4b22a3c5d0cec619fcefa2e0f1bb85c351644c7eb7aa0b96564893cacd
SHA512 4b056453816c6e8d36ac23f02165bf1096304ad9b3394feeda19961d2718567e3e9bf929474a4dfc3440e445dd9282a0ad51327fb4287c7e2260b49dfce17b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 e337014ceba65092b027bdeddc48b00b
SHA1 98ad97b8adbb411d6d4623fab506924aa6772304
SHA256 c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA512 24dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 47d439ac54460432f48cd047b82690f4
SHA1 52115d4747d630806af41bb66ffd298801e91272
SHA256 67537f9975edda7b9144fd733e331f8885d911156d769e59f9b08fdf154497cb
SHA512 3de46009cb4e22ca87df77c60272b32c48b80b167bc68379b7ac56a972becbb92d25eed31908070563da6d9f8b75a4b59715fce617971cd44d076997b6fe576b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 e461b4ee50134d0cc841707a480ae41b
SHA1 9233b7d6d5e8dfed8f7d83ec865361645e9a0e59
SHA256 08ee8a85a2c92c5bf979aed22986f53639ee72f6dc6da2c2ed03dd7d9dfe74a3
SHA512 320db04a8f2dd11e1a9d28bde3d82e6d76f31b9c9436905bdc81ec1507bb884d295121c2e91a18bdb2351c36ee23eeb7af53a74a6cf3af3a8f7d7d091c980d0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 a51094e60496b82d03bd71bc6282f8bc
SHA1 c93dc4f771b0e0459694e3a1924ca9b636033fbd
SHA256 7da486bb6e151cb329f5f7d146ec2340581b1a2b259bee5c64d63f5578abdc5d
SHA512 fd707ee27078fa5c120af7b5426331e551fe1224ef1f81c327015e74d73102da30604b1804eb1aeaf82e82c4ad7ed9fe6d6ceb40ea93abc0305a13866bda4d1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 be0098a02fd50cb978f6c2218a6d13e8
SHA1 6ad99fda6a6b84dec26f43e7a176f7f743cad142
SHA256 981664fc7133121c688f7f85fb65a4c332d6645eabf73e2798956d2f48c985b4
SHA512 d40ffd831178d5cd0f343d3701ccdb6bff93d990010f6cb5acef5723b7465841ffdaf30758d8fd2e8b24e5565a2924cbe03711dd4ee77b9fff0e25c2b2c57395

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 06e72048ba120b4d3c0fe529b7f64e9c
SHA1 b4a10dbd89256b18bd7296959fdbc0bddf788184
SHA256 4a0d3333e7c647a8a422c28a157253b8ae35c2ffc18f68976c734007f46c483c
SHA512 d4e0f121b07ce5f25bc49b1b1fc2900317705a16e9829fd648cc20e7d1849b4a01239f8421beee1e58455c03364abfe842d7732ea29211977af6d09e4dee146a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 f415fcf2acd16e5f749f4111ed014f39
SHA1 227e0545b84df18a52d8abffe561e335e0ae748a
SHA256 c6eefc90588caa8a36cc05425b2244e7e134caedfa3d8dfb89c880100dbf2a4c
SHA512 2ecec8e92de77ec85d5a196fb87456b84041e4d56e0ccbca41abc6fbcb86264dc76715fb73bc8f9a0f14adb61cf161eab32a589bedf1b1b6e91bd8cb2ef83504

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 2fcf030be182882d9828db68cf41ecb2
SHA1 7f6e47ad415e88e642f8d718e5073dc36bdd9bad
SHA256 0f768911736ade2b011c6a389d960f03d85e34cbcc91665ab54be58dd4101580
SHA512 e3a1a0f649b780dac23db4007310806a3543290b24803e627f16e23f0e99db9bd7bdb4a5d3980aa81bd952572569de0a3da85c06a00a562f79628bbd7150d591

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 9189cd5ab38f83239b8485968fa2ec03
SHA1 8250be4962c48ee500fc293626d2fc3d0dd37be4
SHA256 e5448aa288de31db57a4a84a4d491de9c14fd408dc7bfa72c50c5e59447dda47
SHA512 c26b497eed9a68c1f573e62f5b3ed1c41edd1d4e331cb7a80c0e67ffa4f3b6a13f4cdebc14a482a28f065a8051884e6ee0ceaae2f498661ec380b371c7a75b4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b0d00ac1e3b464779e0792f27281b49a
SHA1 f028d54df77006769299f955a9ac6c4463c893e0
SHA256 d3c8494482365f11e79a7162d247b3add6898c339629a3ff36b755f0e7a03d6d
SHA512 4694d860807f828d7e81ac7c6fcb3bece50bc23e88cc316188d191b5a227fb9dd2f22ffe9b996b9a701b992f3963b79415ea9f0fce8d88c5dc080fd86a371646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5116475d1ce55a555658140e30199e72
SHA1 b26b6a024484f5b43222d99951c0f0100c363644
SHA256 0c08e70edc5b109506d91b032792a1a96297591a478b93e0c040a7e98ee92fa0
SHA512 352c9d7e1556fc49fb52047bb19ba055f1b056874534b9eb1ae8c67594bf7251ab2a05a570d477aa3ff4fecabb72a34a6c66fbe3fd553162bf7d5c892274c84c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 17400b24289007e686083c03c52dabd3
SHA1 4e75a2ce172c5b8ab21a58197f461e7abbd4ec75
SHA256 f68207b02a20520b14aa2f24f529f3468e21e142d33b6d4c28b7739e82f0d912
SHA512 8c7901b44315bae7ae90f0ac62ad509f0a8a5f1501a48b853755cd443e8916a6f4cd5f8c0002f103e7bfbc3bb79d0a662a0696847f61549d9169a6962ca2ca9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 6538bbbcdb28ecd57c6cda40aa2647cc
SHA1 e4e9e0be629165bf26807b34dfe16dd0b95171a4
SHA256 0da72fd21343290b4c6ac5928939e42e7eb94f8a5bceb15fd09d49a0e9f1cf87
SHA512 427286d5b0ab76d1baaace0651457fd3b5bf2f41f301002eeab135755f3915e1d151dd01cddc33d2770b31272e443007d91e85a7d51910d04f5732c50c9608e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 fe86537be6e1d4d01513685a373e78f2
SHA1 adce8c44871beb413ac4dfdca5f39c6f131dcc6f
SHA256 10a1df61d338ead82b01c5d1ddb27c5a197f820c254a1c5d14f2e6240cb8e201
SHA512 115525aff1a390d159565610a7eb7a66617dd47611cf9c3512e43ab968c7ce96a7dd6a8707ae62cc116c17df911750c94960681cf9700f2b1e8711010a77d8e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 edaa46669b8d5675875e119ff5cc2637
SHA1 b2478e5cadaa51c0938b49a8c45930fbc24c8119
SHA256 153fea7cb4a5937880db15bf4d4bcf89a7d32fe74f22549d1a826269f23c1bdc
SHA512 6204b859df55c389c06f773df3518541193aea6c8b6b2947b4e0ee852c029801275413ee11792218816085915eafbcc415fd93b18ac043197ab9a4e1c9b4a230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 719fe66464cab27ad02d5fe0f38b2f80
SHA1 50b5b6638938082f5377759623aacde093bfba3c
SHA256 c04ce4d3750b0cc678ae80f1bf36f12df6343b71fd2ff8afb81d4339fda8bfed
SHA512 b7aca7532988ba373a713a077ca9125f3c3caa46f36119a9853159ac3a1ec8bbda2d05ead1274ef47d28c65800b1a0560974e9339be06dd8d179981d306d3a54