Malware Analysis Report

2024-11-16 15:52

Sample ID 240207-rb4c7ahde7
Target dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624
SHA256 dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624
Tags google phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624

Threat Level: Known bad

The file dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624 was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-07 14:02

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-07 14:02
Reported 2024-02-07 14:04
Platform win7-20231215-en
Max time kernel 37s
Max time network 154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C87C281-C5C1-11EE-971F-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C8326D1-C5C1-11EE-971F-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308be352ce59da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000095d2600a0b7f9100805d6c31d8df5c7b1f29d759e0bfc5a074c75d568b3cd3b000000000e80000000020000200000003008c9b0518f928980a342096b606bd68f37c8036728d1b9ba08b852475b0c6220000000fe217bff187988715f0d499c69f06450a268366d08827be05863c7c7d288b18f4000000003a177e83b8d96eb40691afe946faad83fe000c1dbcf763c5de2a24a01155290cd7c6cb9a590c2d1dbf22827d9d9bc448a1c1ae74ecbf8020882e61b131a70c9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C82FFC1-C5C1-11EE-971F-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1640 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1640 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1640 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2272 wrote to memory of 2396 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2440 wrote to memory of 3044 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2940 wrote to memory of 2172 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1640 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 936 wrote to memory of 1940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1180 wrote to memory of 1932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1592 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1640 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1640 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe

"C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6ac9758,0x7fef6ac9768,0x7fef6ac9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ac9758,0x7fef6ac9768,0x7fef6ac9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6ac9758,0x7fef6ac9768,0x7fef6ac9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.0.891077359\423183726" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1128 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5484511-321a-4739-8f7f-79e238ae2cfe} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 1356 105d1b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.1.1457351356\673740403" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1536 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cd262e1-5478-4599-bc91-74aa57f3cba6} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 1568 e71358 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1328,i,1176759140321956542,17273812530139217365,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1280,i,8158644627406001651,2653492527313179791,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1328,i,1176759140321956542,17273812530139217365,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1280,i,8158644627406001651,2653492527313179791,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.2.1292245319\1019890782" -childID 1 -isForBrowser -prefsHandle 2128 -prefMapHandle 1852 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a314659-a254-4345-9853-41ec5320aa9d} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 1836 18a47b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2424 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2532 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.3.8422632\251324531" -childID 2 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14fc0b5f-8d4f-42b4-8fd2-4f9ec2cdf679} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 2472 e62858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.4.1057351073\1941555384" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3676 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c71726a-c21d-4a46-a2f3-80c299fe5bed} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 3692 e5f558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3244 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.5.1365847203\479302977" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3908 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea8f304a-9e0d-4686-95cd-246c230d7db4} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 3924 1fee6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.6.1998578645\404149118" -childID 5 -isForBrowser -prefsHandle 4116 -prefMapHandle 4048 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {caa605c5-750e-4ca1-be17-44e218cf3c2e} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4104 2019d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.7.1434897237\214772006" -childID 6 -isForBrowser -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b61649e-0080-470d-ade3-8317bebc1da1} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4392 2145af58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.8.593026525\1415500865" -childID 7 -isForBrowser -prefsHandle 4364 -prefMapHandle 4348 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3526cffc-78d8-491e-bcd1-f12e23152121} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4408 1fee8058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.9.238568922\2113894231" -childID 8 -isForBrowser -prefsHandle 4736 -prefMapHandle 4748 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5649c37c-5ae9-44c4-92c6-260a78387a38} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4728 1fa64858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.10.1020660368\1381740800" -parentBuildID 20221007134813 -prefsHandle 4916 -prefMapHandle 4852 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33804e12-79d7-47f5-a11f-b0e49dbe8a0f} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4904 1c2a5d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.11.1877974923\1718540204" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34196111-9ee5-46c8-9bb5-f5d71021c4b1} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 4692 1c2a4558 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1396.12.47945265\1016210324" -childID 9 -isForBrowser -prefsHandle 1956 -prefMapHandle 2420 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b4db576-0e46-44a2-a56d-48d5893fc9b8} 1396 "\\.\pipe\gecko-crash-server-pipe.1396" 2364 1b0ecc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4288 --field-trial-handle=1372,i,10089892906929307472,17145131417448917606,131072 /prefetch:8

Network

Country Destination Domain Proto
GB 163.70.147.35:443 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
N/A 127.0.0.1:50121 tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
N/A 127.0.0.1:50166 tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 185.60.219.35:443 www.facebook.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.195.35:443 www.facebook.com tcp

Files

SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{e2e9f8f7-f7a5-4967-9051-4a4559174e75}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs.js

MD5 ccad9a44405d6d995f3836c50aa35a66
SHA1 aae13045440eaf06698ff40c5beb1ec4fed3f6ab
SHA256 c1e2db718e90e40af63876046b6f993ad12919b831c70050346008cda9141866
SHA512 5c71818699c86385091e12148bb3e151852d4dd646c23f9066a8f7a8e3bc950eadb19d15a9969d147c566b4d91bce3b4da5737fcf5e0d324b5571e3e4edde61f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4353ea3f1b6125b4b2efec44db3b8959
SHA1 87a22e362be3b1ddb7de17fb6d78029afa19a121
SHA256 9eae09bbfc16e1e617d41d63346a583650a27af96a979a43bd3355d1fd5590d0
SHA512 978b75a718a3a2a9c33348ecca6943a53caedbf45fb4c0d039ce68a453bf795c3c336b9e0a9652a47df3ce967f8a7ffc037d68d6a3b4dad60c4b3396c9ef16a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7974544f003ecc4cb568ea39f2f95cce
SHA1 402eae6f7f5a9bab52eadd501b08fd4bc5df1f74
SHA256 c31ffa70498316c03edb72ecc229fb9e39b651f1cb5216afc5851f60fd3636ac
SHA512 8a64a8548dec7d662ed201a852c6a6d4ae924e5daeee55249ca7e0c80df75a73f127f1be707d2584688042b66e0bdb6f4985349111c89d6c173f492df745cee8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6518649d3d65da7d636d76b61f8e72dd
SHA1 9c20427acf6f95596f233baf5203996c346a0cd4
SHA256 0717ad1b19627c7fb966c64416f8cf7c36da884e89a969c6f5b4898b1d700610
SHA512 f4ae48db1c9086875db8dd1909999fc7a3b9cc15ee600d9f622799448d7e88607137e83e3399919acc286d45fadb08b483748587ef0a6290f342866b37c12f4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e1a6b4649c01b6c314ad1c0113ba705
SHA1 4ddda2387921b26bcf76efa0679f028b437e6843
SHA256 135607af2eba2df7551d14cd2c82b9b0a856da702bd956d88e0f908b9867dc86
SHA512 8da6d169441099be5cc1cc9a3ab98b811dcf8c5c795f41120f74410453e7417c7ace39781c84326a070f0d4cf05f59142e8c39c63a53bd40cc3583725d5c439f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dbb87b9731df331b29eb090b45b03b7f
SHA1 92be95a4bfcbed4d2a414673c44a9cfd695d0d34
SHA256 8be2387640caa99645e62d4e29c8dd76aea4528a025084d919791e813f503842
SHA512 6993b18bad30de6c5472580450d6ff5e223db3abd3b93de44ec6537200a494d5d89ef3dde04420940f4aea8dafd5b3d86f22c8fc868ca6214821863cc07d030d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05483281dd2d1e93506cca59cecbd72
SHA1 86cb03fc33bec513f5f65a34011c2d47eecc5e0e
SHA256 20ab1237a42e66798082bd3b9e70f4dcaa80076a5ff28871c4988b0075289413
SHA512 f60253a17366463910fbb46b7247cf15e4e3ea3e2a0ca6dcdeb3f3c374aec2157c38316919a5f9aa8021f10947e7227c0ae568b6bcfbc928c6920075d8f31dd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c027afcb4570c3cbdc0626149931fc90
SHA1 e1ac9a32204da3b7c07726288751330a180b6d98
SHA256 ea9674bdc2caab592c9d2474f2a09dc1985fd0ce84f991110aca78b9b40bf25a
SHA512 0722c6434fa2fd40e48d854b3f51f6a9ecb1fac1270007d4cfc378c5a6bcb2dd89bfb42e1035935bf70ddfcf57173af97cdfcb10f7c89e8d5141736e1103c272

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 761017d538738ba158af8e513d3d26c2
SHA1 4acf0ebefab9424820e85cdc825a2453c92a78ae
SHA256 99a35e6b3525e7ba929c8606a51787068398e1237a3feb7a7022d2592a37c4c3
SHA512 de5e6ad04ef595bfefb7f7f4fe93b71f82d424d7db1d6956e9ea6fef187d2d80644e496bdb41d75ef74beee9043837b7b7eda9c6a6d081fc8ab8ca7fb5ba686a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fca8d223482df1bd03a6c279a1284ff9
SHA1 8a3e742f3ed47950c87db009eacee4798c231bcf
SHA256 bb6a74b1f17b5bdfb1b35fcc00daf5e56194c848792845945fbc8a76825b3690
SHA512 0b3a5b218294aba24b8a1f98285880dd68ffe99b8494d7aba3b255cd2cd29e4eccc5be86469a55e607ddde7fadfab7fdfd13936b877f3f0225e52ec518b1bb05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e904f9593bf66ce67f378c28a7fff4a6
SHA1 61d776b6a8485ac01f8c4dbe37fb998f235fead9
SHA256 e757b0dcd4084255f7d93eebb3fcff65571f96016611a117b6c2b1cc7d4743d0
SHA512 e8492f336f712f04359989575d8875ac05fc80fb96193110d4186dd6929b6f04d96138595625250e260378348c038ef8a81614783db44eb755e452ef38bd6e51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c86c7aff5f219a1f1b564dd5e4ef4aeb
SHA1 e727fa79700228710b12e668c55e9e62fe6e5ec7
SHA256 0319c6ebf865153f1f6df015ed37dcc34f9986e90b303c888645b9faad61021b
SHA512 2d5688bf3f46861052c2cc9d62c6e8f015e459e8eab489c91f1b1332fe7a33d4b2876af14da528c0657efad8a951a12ba8b1575515265a8733dd362dfcdb9326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1513b4780474078e9f188d86556f633
SHA1 499a04c60629a0e05ce9439de2cbbd23cb37037d
SHA256 407ee5c9b8211098d4bc8de15721d603e4b67b352502a5c80428f7ab2ba707fe
SHA512 c9bde2865c09e6d73bbd86c78541e47815384efab2d5923eceb408bf5d642f82bbb63b366533d494aef77ac5f6c5fbcc04031ac3fba322cef476865cef9d6a57

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

MD5 76bd0ae98d14210ca90a25af97e61cbc
SHA1 099d977c2fffe4159bcfcf6c931821e234dc2d69
SHA256 f58aefc0eb394ff5563b02220359873241fc34f192b99cf07d3f87c0de0c92df
SHA512 23725f75630cfc6b98c89dc0628a059ff27ea6c94ac9d07281e625109277d7caa255b33afa72fc2c791c8f5a7287084f09a7dc11de50ac6d10b3c22e58d6b12f

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

MD5 72eb0c1a2ec8b42e5b56d3a0f0b104de
SHA1 5e0b417b29ec58f3126750a4fae19484aebe29e8
SHA256 40c4418a6fae37654d001eb4a49a57be18f6cb73bd63ea91f01fba3c59f5f4d5
SHA512 a7cfbccac3486417c2417aa32b7ed093b4424c613afef486f3a613e6ea8d5c230033f36fa2f1c3fa7de85dc14ebc6217c39033695222302fc9303784f672b958

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 38d89f4c516363f85311dafa22da113a
SHA1 5f0b674ed05c11340aba30abc7e42aed62459b6b
SHA256 4408c39a28c482b70784a7fc97452594b593fa8def75dbeabaa5cf3fe615da55
SHA512 e2edc5209a1b2ead9cdb6dc2ee39cf97a0ad0a1e08f99215e2893c65b3c536f322408848431e5128c747317332375e77dd027a85f331899e66f4c0c8d374fb96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\220f8de8-c75d-4fe8-80f6-c9364de2cbce.tmp

MD5 b1c8a66cfa3f047a0ec3b1b490e0e4e3
SHA1 a7b938b388fdf77a6bfa33f0e7fbcfaeffe621c0
SHA256 ef692d16de1c8b14b4ad4da68e4360584b7d388ad4609ed30e21ccbcbdd58a1c
SHA512 e149a90931c0651b08287711aef15f168ad16080504fd5c2933daa85b04b23306565720677b4cf55ceda738d91241f509f9ebbc2ec67fcaa8a45bd5c75630133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4fb39a04add4279bcd4e3f69700daaaa
SHA1 392c2a4b65eddce63d4ae876180c026b2c7f4bff
SHA256 cf7040866e25823a61652dad85429cc9c5a23a816bd1fb0163d819b1b410df30
SHA512 217772b245991dc8b6e5958ff282420a1fb7f0d1206bc00414b19351087c5dec7600fb5ea6201dd21eb70eb4b584d23b9f4c52a6bbb8f715e240603beefb850d

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 14:02

Reported

2024-02-07 14:04

Platform

win10v2004-20231215-en

Max time kernel

20s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4852 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 208 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1044 wrote to memory of 4296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2776 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3592 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4192 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2532 wrote to memory of 3124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1276 wrote to memory of 5056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3928 wrote to memory of 4656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4468 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4852 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 872 wrote to memory of 3724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4852 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe

"C:\Users\Admin\AppData\Local\Temp\dbabf8b14232ae17b7a3b621295064b846e19fd35579baf01a175a98a3d0b624.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb791546f8,0x7ffb79154708,0x7ffb79154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb69f49758,0x7ffb69f49768,0x7ffb69f49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb69f49758,0x7ffb69f49768,0x7ffb69f49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb69f49758,0x7ffb69f49768,0x7ffb69f49778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4420828381739677266,13434149147781997927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4420828381739677266,13434149147781997927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.0.1165318180\1577184930" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e6b29b5-8b81-49d7-b023-630f7f1cd8fb} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 1920 18b64a09d58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,10680656617531626321,18388486205589005983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,10680656617531626321,18388486205589005983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8652328443579020482,7251361368516318382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10834223194999255176,13439884318774493922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6035824180027830068,773218918740270177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.1.1404193494\1850659101" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d135fc2a-2b98-4872-b066-c4d95ff61041} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 2400 18b635e3258 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.2.1472499834\1802926219" -childID 1 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3212f70f-e65f-4945-bfea-4d5fbbeca225} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3668 18b67ac8b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.3.1294393351\622239378" -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 21644 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93314744-68e9-43bc-8bb0-1d875dec9504} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3888 18b661daf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.4.1869387720\1744367757" -childID 3 -isForBrowser -prefsHandle 4164 -prefMapHandle 3484 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8369f5e6-3416-48ba-89bb-4e168ad62e54} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 4176 18b65f42c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.5.1246446314\1659636446" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4c5bba-22d9-44ed-aed4-ed7cf9148c49} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 4804 18b695e4158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.6.242818234\1014122804" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26d26d0-4965-42af-ba7d-ae7d2c57a36b} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 5060 18b69e82958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1992,i,3458695768733481550,16038776681283608890,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3840 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1992,i,14561108206480147048,10432280064761464639,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1992,i,14561108206480147048,10432280064761464639,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4668 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1992,i,3458695768733481550,16038776681283608890,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3796 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5800 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.7.819716933\1887044056" -childID 6 -isForBrowser -prefsHandle 5424 -prefMapHandle 4000 -prefsLen 29440 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0b30f3-d6e7-4bcf-8674-dc17245d9a74} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3016 18b56e67b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.8.1984592548\902121374" -childID 7 -isForBrowser -prefsHandle 3500 -prefMapHandle 4304 -prefsLen 29440 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ae9779-31a3-443f-a9f3-3cae60d5695e} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3940 18b56e6b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.9.797566891\1435715758" -childID 8 -isForBrowser -prefsHandle 5504 -prefMapHandle 3964 -prefsLen 29440 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456d6bae-08d8-490b-bcca-3a8a8bcc9167} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3112 18b56e59158 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 --field-trial-handle=1872,i,10900519056748193539,16961775511815951076,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,14387496421179133917,9830504665730355840,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6832 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.10.1150422780\613378366" -parentBuildID 20221007134813 -prefsHandle 6180 -prefMapHandle 6224 -prefsLen 29615 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53c04c29-7674-4f65-80ce-a3ce7bca3ee4} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 6000 18b69e82058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.11.635810519\1438272576" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6344 -prefMapHandle 6340 -prefsLen 29615 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5dc510a-c74c-463f-8cf4-51f2a0acea6f} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 6348 18b69e82358 utility

Network


Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8701f49051886a16fb8142293d0cdc7
SHA1 ff83a3eeb9c1921b86bba3f33e3dc1ae3a1cc499
SHA256 6a388f5af5749bf33b5d734289e15e0a2598b4ffea14a93f1024e6a55ea0fe99
SHA512 756ec8c3864d26b43ec503fec5157b70915cee20bed1bbe997900c9c88e31d8fa741556161b92cb993279ed3274ee05d30315f566dafbfe4a434033e58976543

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9021df7632f9f720db39fcec158a7623
SHA1 e9e908f6cba154ebe1366ba00da0e5922f996965
SHA256 f8b15aa9c5778a739c92995f3c600b614b243c20cc090bcc2d3afded7e828f64
SHA512 294c127443dd568069f95eb7c56c69f9e801ad3c9bd2b931a044e429ad251778dc0624a70fd4e465b7dd0a9914d20fe9e96cdae2e4af3efe6f2452c52426e780

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6db1c99393c1e260b17535c9f3c7e370
SHA1 385a1f35b5000d194869d82d73f999dfa5411d96
SHA256 9a6332fd6c81c40c809ea16fb580856e3c2b7148d29b8b829731fe9932b1824e
SHA512 9abfed921dd96c78a47e5b945c3037be1676a9f27641f5d7e0b8cb45ee370b4647f1315c20da1a0beb6c6dcc80e5733ae95490dbb231afe63d1e836a2cf93569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

MD5 e634774af0a4d1bfbe327f0d89d39a1d
SHA1 a06f95532aadaf1111a05c88e9664473f319432b
SHA256 4744bd86ce54e605b8b537fc5de869b2a438e950e5b1aef38bf5af535ceca87f
SHA512 7bdf8e7231bd5add309c224ef0d3b45217fc307c86dac8a8ea45a8b24101b9853e95db40ac7ced7489028a93e9468bee1f7c868da5da6850d8ffe9a767cb2806

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a80ccd8b92c3cd50ba039907e2eeb6e6
SHA1 84c92e37a6a08b51b10e04b7487cbe9ba5e19a8a
SHA256 f56d9f942f6db45e10c799ca3d53dd536023f4f9ed880f3bb2c2e33036cb0227
SHA512 baef0f388edbee6b6a50d94fb6b335371e792ec0e25e47fe1c802e184a96bbff95344c2013c09415fabe0b8e3f135fee27e91fe573328f788023fb495c106dd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dfdc.TMP

MD5 ed868ff1e8c9e37ca8ccb688e47089f5
SHA1 69e4904684d7ea9beb350767fe10304a8aedaedc
SHA256 07a27d8e2cd1251b334ae332ff5c886d6005e5d8c481f1386c3e45faf27c10c6
SHA512 9c10c6b81e9e26a3c8256481f60b9d56e0ac0f5de68f391dd066ee03e38279a154e4913a0f72e10038625ec23162a6a3d47af2de79f7d307e6237d9a06b2a638

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 85b2f70f7cca6ac183b1c48cb0198d98
SHA1 b9c226a60c83280f96ac76c3fcbfcb7547fbacf8
SHA256 c8cdeeebc42c8dd3140e12b64b94f1606d9960af22b6feaf834f4eadf8e1ea33
SHA512 79cb317cad7739b3f23988e3f430f8f9ebb4fb42a1fbb3c8672a835fd343c5588e6f912c2831909a1bf0729ddb2c820deed51d7dca050c303975230664570b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69a2883315213f37ba7db7c53f8a5069
SHA1 38e247aedbc9fcd3ed0da7bcf2adea2aac95b706
SHA256 7808dd766314b52aed73378f5a4aad62ddd7b4b3771ddac732113471b417cfde
SHA512 a18f2af081c4756f34ec4153e1c4a824fffe549456af54c5744c4aeebffdee90b97cc33eb6e527c6b5cd907a6cf580dcd86e7c103259d6c3bd531a2229a50d22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 124b0ad7191a75c0b7bd030ab764e61b
SHA1 3b360cfaf87b471e16496c26797e03494711e6f5
SHA256 c101b38ff14007190d0dd984fdd3f9b65b4ced2980c13e0fa3762cfd77d388e1
SHA512 073af0569f243fbbb8e877ffc5c597c1e801be7c5af1be78f2c0ddf591c6cbb454f5ad650fe263060ed78242115ff5dcc4a7043d7f5caf7a09a7d679f00cd344

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\007E769A3DD5DA78A4096C894CDE895E093E7A64

MD5 59fbbc144f1426d29c0ae6d927ea3239
SHA1 bd4c670d3bc89991c6c3e587de3647c3a7072bad
SHA256 58269d0f98165c548db7a915aca051bcafcd2f09b6f7df0f8e83258332c13c0b
SHA512 32b45967e481077bed859ed4521a6c4edb5cd9d6f31dff8a2ad1858fcd7494dde1b620bccdf635de96426bcbbc0f8a12f10e802a7994ea1bd34def5d02cbb99e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8370492ad29ccdd4a97093fcbf8f7aaf
SHA1 91cf1d85c3f05927544e23aaa9b6a2edfe5285df
SHA256 e5cb06b9e382d0c486225d2c5385001481ec428866354e5ca21308d2359e5761
SHA512 918e970baa041378e9ceb2e242ac5b649e267a39f2bfdf7f4cc5422ec2502e47719fec479cfe0ee64aac43e5dd372c8d84f1e299ea3bd911f04f81efadd961cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592699.TMP

MD5 3a1a966f8d2b717bb47330277558bf67
SHA1 482836e0dd05e8308d83fe459e8004f9b4dcedd0
SHA256 992b8289190264582ce29208dfb34aa4de594a38da190fae044b7d2dfb5ce2e6
SHA512 9db5d408226956639ad50185ace5d2df28390c93a5e686c1455e780fd9ecb90e28889bd5105f24d8988f997759bcde69f511e43e5b185b13c94da296ba3c86de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9c9916c7209e0cb2974f9b74e0a744b1
SHA1 7fc26e8025ac0e7a343b889b5e23edd4ef2de3d3
SHA256 a6c2aadeb5bfefc87de97475b358ab7d32ba4df3cc24197424687469ea2f6721
SHA512 9e7d9dd82b39c401e830db54cb285ee65ccb38082eedbc8b287654a0bef4ac41554b88a6fb4535afbe68b4ffe16dcfa7918b835a8baecfc95f33e4115c315fbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ecbc139938096948559288d38637a2c
SHA1 e1a19b6a037404846dafd9f7c4046b16e9775b91
SHA256 fc144599bc93b3b0cb9cdf9261f993d710d81ea5d2938ffdc9e0303b61db9305
SHA512 b7fdef3faaa45231709051e24e294ea7ccade27d74cb95778f2083180077cd88f6d09a399aece71f9bfddf92ebb9c27dc85abbd0d7630036aaba5ba790309578

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9b56f397ee275bc867b4685f569a571b
SHA1 8d1932688be9e2d8005005dfe1e360b4443e25b3
SHA256 e3db64624270e67e5ba109467e9f0952b42bd8ddc97ff2716a520bf1f8c94b4d
SHA512 25e31bedcddd224bce04481f8aeda264600ba7ac7cc9b211bbff68c3899f0e17ea3df545498326775c7cd9eed1a1b141648abd6d6f80498b7d2402d11703303a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fba99d267cd5bc0cfad4f65e9eddd176
SHA1 73cd8ca2952a9a2af3e53d2d2186246cb7347fab
SHA256 eaa42cd1f21ea86f48f8e4d8384033ebf1acc0099b4b16ccdef3df3aa7e9ccf7
SHA512 60f7d184c2afc6c87a2770aeec02f77f0d46533396e44a504b5f6927149b65082ec29118bdf156bad66aa45ef4f0e9193eced122adb6441a290cbbccb3c8bc9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a9844cae4c25fe8d68b55739d259c7c
SHA1 c4fc5e670f718b8bd86be5ab27ae94c65d9b3978
SHA256 f806035087036156bc8faff29070e367bf4fe7e8a16fa9e6ec4fa55668842074
SHA512 d248537ffef5b465ce89a1006db16bfc0447ac5e8a4423bd4e1656b86be9bb62cb2a04b923fc206612f3a7b27f2d79df751ad3493993460aba1868b8c58dcca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ddcf2233fd2ca8a5e6e00e3cd77459f
SHA1 d7544265f10647f92b0ad358bbbcf87bfc3b3bf0
SHA256 7b8f6b3c0f376951c15f2fa3fe909c3da4530b30dba8c18d163b4e89070c5696
SHA512 bf18a18edcf5a2b8344bed63089a43d508966b41901c10589ef3fe09592aa9044c9cabe8eed1608f2a2b9fcccfb052576f88ffa87bcdc153e51aa20090a6e50f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc735c6690e1d8ca89c4ca67d5cc5c85
SHA1 a8aea0cdb5426b1dc9a2df0297ca7d57e770395b
SHA256 14325da05d9301b86ddcbc849b316123de494b4b567ebc85fa833b594b9295c4
SHA512 fcb21e4ad0010403a559efc8f7fdb1502a81d545c0b7e076a5729e19b9428cf60137684d2a1a50cf7bb41ea70626139ed2bde448b3c9378189bd63549f7b00fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 835f3368af2a0ef4c7248ff9aa88461b
SHA1 23180c6be2fb10f1ecfd0861dafa5d6c9ea6c6b5
SHA256 5ef2f2d63adffb10b6faa0aa0919783c2d479890f5e7da495f8611817218ce63
SHA512 bed428670d90e08a82657c4723a935ea68b76c016ee8d93e2f0bb452b8cddf321cee70197a67b65d7632938bceef1bf7820a8cbf1cdc775c5256f92e3189b0c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69800ca4e7562fdcd88c96c9dfdad65c
SHA1 ab51f86b201f52048b18f2b0c32c529cb1f1f652
SHA256 ade2b135ec9d59f74238dda483b54b4f1da5ba6723cca170450131be9cc1d2bd
SHA512 87ad45e7f9b1381b6769b806a8664e232b380df9971441166a8eb12428af5ff13d349a02fdffb66aa0a2a1f5a6efb7c8f93d679b04cc4f190400b2a9e51c6224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 2ba277bbbcc8715291613160a997cebd
SHA1 e64ee67165bbadd3b8bde989c3e5b1d2540cf09b
SHA256 00ffe000f78ae3c8c8d5557e3ab0089e29730ed10b2a190bd2b7a569812afd96
SHA512 c0f7840f181ad991c45ed1be0fcc0d90be100f8bbf36c54418ebe66f46d776652447eb5b7eaffbd2eb07c04455841d8e5d74f404eddf3c22daa34269d842435e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d3423909e5704e7329ea2afe29cead2
SHA1 ac6dbe1b46a69596a0919faf213583e09cdf2a67
SHA256 8fcc8b327c0deb9df36526ed995d781f11524daac9641fe7922feca942c39342
SHA512 d7a73468e0a57a3195cf2c94e30f13b3a3803dd4fe3b55a842738eaa0cede35fe2b56c2cd58de13a028d6451e412177274975442c0927becdee662832e10476a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 7b1ad3d54c67e01e1e67ab115ac2ba8a
SHA1 a99aeb37989363f93506cf635c41362225e39220
SHA256 9506fa898390c42cf736f96ffbd65b26842545e6063b325ff56fdadd5ed1e039
SHA512 3b719894431d1805716de619b5afb4ce74bfa151b84ef9d2d4eafa2510593f966dd49058812fdb1c3e3090de665b0802f508affa90f3e31ed46fd43becd45ad1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 16bec0105a3b81bc89513d54b2969ae1
SHA1 ba04da223ba0440624a2896ca7495f26805a2172
SHA256 85177ef7a7e90f9f18601a73f0ee66850704fdc7ba111389d4958a43157a09ab
SHA512 c15856bc343905319e1dacbc4aa0092d5060eb98bcefc81ee32dffdaa56c4f1e35026a0cbd872b59bcf4de3dd1e732365cc93d078a454881a20f636cda7866e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 d8e56edd91e6a8e254c9df3c3619f493
SHA1 e5bb299b458c95e5575da0a42ff7b49969b880b4
SHA256 8b598d7196aef8cb9eacf393e5b2520f5387f125552e1fefb6f373be30f64e97
SHA512 46d3bb6eeba235ed9e2621cf6bf89c10c78fbbee1bec31d59347532d9d242de4bb533911d0981d3c1af85a1d51226ca694ccbcef178adda1fb71e9634820027b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 57ae6558fd495a4c05692113c7315b1e
SHA1 edcf35929545ae68664779e0254b67e720e1a0b3
SHA256 fc01d1f63650df9b53e5ed7f8ad20f8ca46a194533f72ab431ce862d1f310b63
SHA512 51fe9f8eee096ecaec21a1b1ccc72ddefa178627cf8809daf12713c70edc075bd1b03f277a505b2357076a278afd11a4f853132d8fbae53361a36438fd8951f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 184b41af6103973f1b61a1b7b1bbc242
SHA1 2e735e0e6678822f1ec2f14909fac9eff294fa21
SHA256 6eea16d87656d2432b0c599bf25e32a376fd2b2a9f91f3556dc7dd5379ab2bb8
SHA512 116ab6ab82a63567d0947d19bc99b1da9a7309d4052d2eb867c3afc5614f0a33eb2fe256f177846c4a069196cd10d131f95cf42fe24c622798682d7d27702b05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 621714e5257f6d356c5926b13b8c2018
SHA1 95fbe9dcf1ae01e969d3178e2efd6df377f5f455
SHA256 b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800
SHA512 b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 01ef159c14690afd71c42942a75d5b2d
SHA1 a38b58196f3e8c111065deb17420a06b8ff8e70f
SHA256 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b
SHA512 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cddf29b3b0e723c4f5dc3551c82abff
SHA1 3935b05167c8b91b5f7d4db8cd74f0ab4b8ee25d
SHA256 175b6eb2c314719cec989ac6896155f47a4c22c221d30ddac15e044a11b6cb77
SHA512 8a3b26b5f5251bb1af76563a12c8b2ee255aa8dc6ca858fed1459c7adeb0cf9514cc4efb8b32d29bf4b600c117584ab5d02b08707516e080c619b1b08ffd2e71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8b2181b2aacb3e55dc88d5cf9841258f
SHA1 34a9a49934d2f88128d4b775203f10058407d16c
SHA256 bf7a68ba23c489df80ac92c3f80cf0ba46062c4aa2d71c75a5b40649bfcf2d27
SHA512 e1fff1dc5324c884131d7f084834cf71a4a3dea11200d43c2b749e1602de0ac9af4c50f2b82a14698622d76d0e5fe5edab22927b50a082f2e67df9d12770f073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4ac4f497129d3c2ca25acc1e99ce847d
SHA1 cdb5f3be7bc6a8826bee251bbf9dc2651d8fee2e
SHA256 bb6eafe723bff18d257b704850cf2ad9c9260499eadf87cce3b9433831e5e599
SHA512 d83cb802ec698541e3bfc90b38129236e0803ee4b18057d520ae64a6a28940ac446cce287415cc2034235a0d8cac7ae5c5112f226b604eefde439064544307cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c2784b3afd126f0b5f5ec7c36d982f8
SHA1 c239dab1b498c411ef6cb3cc2d95810c457a3f27
SHA256 8623f9ffbffa14e408aa99229ece468d7d2fb44b1a430df003d6ec94f8a15960
SHA512 2a3837f56082b810063454bbc6c1dc85415abc758769664294cf89d20db95b0c109e80dc44de9bc0446509190992bd4e285a746245207ad850d47806e8f9f7f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6c3990e98538c30f33edcb5b50ced32b
SHA1 a1fa275fd4a3b1c015881d27217a69c517a7c5be
SHA256 d061f9d32366b964f7b66474ee8a9c2f5c61f6c98e6f2f4df5bda6e2df557c81
SHA512 1e773268990d4ec4131f33911e2cc1eadb40184cc40788ee2db802f571f5beecd93ce615aa26a15c9923a100afac6b826e7ed4ef2a227794f2f1963b9fe6ff34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\24808a1b-c04d-433d-add8-21552c0e74e9\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 67332b86a890d3bd036ac67f8549965e
SHA1 b96b8d9a97a12c59f5e243f3641f56198f09b639
SHA256 0cf680dd705f78c2494027be340e5cc06f34c1341a076eea509c0b1d3edd24c1
SHA512 48a0c83b6ec233d1e8d05f3ea5e94c6bcb5f655425df24bce09485358e7dd2dac3ad6e43bf147ff509ec4608e5dc47081b625eed196d7b2eae9e836e0b73784a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0de6d058206efc66c86ab23de180adf9
SHA1 c9fb889ac96b277dbae8489dd3fcc334430faaf4
SHA256 2d0233c0dc9938b62c17573a9f147151d0753995b0825d405cb62e9580edc503
SHA512 03bbf19762ef00353dbd73233e5fdc9d904b963b87517aa855025357f71a8bc52889eecac4a04f6a6d2daf3b94c8079189b6d74d4bc98f02a145d94c24137c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 dea6414b032f4c3b825dc021e3885ab2
SHA1 6a5517036d3de374100a165123a063b5de6ebc58
SHA256 8fc75b1201f2cfea2d5669d419477a4cea007f6994cbe51ac9753f1fe5529821
SHA512 1194fb80d54ecae65ff71680bd23c63bae51d62caec51d245e0a111229485ee0cf79ad87117bba0c1c8180f802e24bc8ecad7238f1771b8954f9d25d51d45423