Malware Analysis Report

2024-11-16 15:50

Sample ID 240207-zwzjqsbda7
Target 5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe
SHA256 5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d

Threat Level: Known bad

The file 5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-07 21:04

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-07 21:04

Reported

2024-02-07 21:07

Platform

win7-20231215-en

Max time kernel

40s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000c99cbb230b693c295153d25dede62e18735eb11a56d75ab536540eb580d54d8d000000000e8000000002000020000000a9a46f3faea447c27fa935eeaceca552ae1e38d28bf5b9a6ccf7167151076a8890000000cad2be954c19ee310ca2795fdf971884889ffdaaf787051f8ab1e810228c748f06bf04b1ecbbe79cdf1038bf4728eb2580d2bb8658a13c203653f55469f97ff4ed20273ba3400b26a5e312f8b7b9cce93b257291ae1c30ded167757dac9746bf2fb3785bfc9b0070683b9ea69b89dc7852598590a9675fef76d9fbd4fbea4d4a27beaab6265900016bed44d3b98c4219400000006307a2de99db24105983171026e3465384a16b4efcc8643f6d8715b4359ec49c51324a0632b8bd435ba016fda954c2b19e430c4689d9877c482d51527e957247 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000eb767710f3942afa0117c521738b90afb008a3aa62a1e3ab73dd82cb42e8d523000000000e800000000200002000000022fee17e686573c92fef50645fd4bca39e61d22ee27673a0521fa0345b012e8a20000000ee7787f36ef96f89019febb7e3c455b0d566e158399a0766be4eddbc2b131a3740000000a1385c34c6bf7cf5acdac39c72426a6240c412989bc88c311d143b2c7b72ed903ac51842d969275cb9eb55bb6284b69b7ac088db656061e53fee7160bf786f5a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88D7E201-C5FC-11EE-A675-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2228 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2228 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2640 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2640 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2640 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2640 wrote to memory of 2708 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3048 wrote to memory of 2688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3048 wrote to memory of 2688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3048 wrote to memory of 2688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3048 wrote to memory of 2688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1476 wrote to memory of 2992 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1476 wrote to memory of 2992 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1476 wrote to memory of 2992 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1476 wrote to memory of 2992 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2228 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1536 wrote to memory of 1832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1536 wrote to memory of 1832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1536 wrote to memory of 1832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 480 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 480 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 480 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 480 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2228 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2208 wrote to memory of 1508 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1596 wrote to memory of 2092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1596 wrote to memory of 2092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1596 wrote to memory of 2092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 480 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 480 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe

"C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/account

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1476 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.0.1405387008\1097163102" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1268 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8cd05ea-5bb7-4dea-9534-a3b4b5a20a18} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 1376 45d7b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.1.333125564\76802996" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1536 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ae07f0-669c-4bba-91b4-087f9b4cc218} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 1552 e72e58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1220,i,9275206162816237346,3522226847496552234,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1456,i,7943984248114829255,18418611023950930012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1328 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.2.1628455062\844208291" -childID 1 -isForBrowser -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {228cee70-f64e-4537-85da-f8865f5ab9b4} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 2392 16bace58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1304 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1456,i,7943984248114829255,18418611023950930012,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1220,i,9275206162816237346,3522226847496552234,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2304 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2536 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.4.1053084323\80135645" -childID 3 -isForBrowser -prefsHandle 2628 -prefMapHandle 2632 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6f0be3-af61-45fc-af19-4521d8d8cea6} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 2616 1ae82058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.3.1724639762\1191921619" -childID 2 -isForBrowser -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15fea286-53a4-4778-80f1-f34469c33c18} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 2040 1ae81a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.5.1639891339\1696619581" -childID 4 -isForBrowser -prefsHandle 2792 -prefMapHandle 2796 -prefsLen 21754 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de713dfb-01d4-4a78-a84e-0717f7a44d9a} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 2236 1ae82c58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1324 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3040 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1116 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.6.1527772631\2037469272" -childID 5 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87d66285-b535-412c-89b7-9afbc9703f2f} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 3544 e62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.9.1515536247\1834695251" -childID 8 -isForBrowser -prefsHandle 4356 -prefMapHandle 4360 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6575e94f-4bca-4f9b-a427-438cb6e6d7b9} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 4344 1f5ee358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.8.1563516002\1573965873" -childID 7 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3864181c-8f9c-4a74-b026-65966fb96c9a} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 4172 1f5ece58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2104.7.1732307546\389602611" -childID 6 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8d57a76-de66-4acf-bd02-8d3dd4a0c4ab} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" 3784 1f5ecb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4432 --field-trial-handle=1712,i,4338316635514156446,5069871813722509831,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 fbsbx.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.180.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 142.250.187.206:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 142.250.187.206:443 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:50029 tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
N/A 127.0.0.1:50044 tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 163.70.128.35:443 www.facebook.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp

Files

memory/2228-0-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88D7E201-C5FC-11EE-A675-6E556AB52A45}.dat

MD5 fed3e36f6895a87523ce3783db4eaadc
SHA1 5660ec842056de0622ff86be416925ba0e67097e
SHA256 836f26453ba7595c65e2c3cf56205d1ac191b309a2e18b63843b23943f84e888
SHA512 1cf73dec7a18be0f35dd09f0066e114e9fba3f3c77e396fd6b9d5a38501838cd4c89d1c699b04facea150b0eb5f73f8a14f04a25288870843249b06e3793ec35

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88DC7DB1-C5FC-11EE-A675-6E556AB52A45}.dat

MD5 af34a7777caada6c143c7af08b4ab2f5
SHA1 b657acefaca16c94cc85a855e4dc02797a324c96
SHA256 de497adc52338e8c6f4a013a56157427f0d8c28efed65c6c67e06f9786df1fe8
SHA512 cc09080a5e12c9c67bde1bc1f76c692ac734d2937314ec050e97fc62936a7cb5e792a0262cdb8c0b3d27e63a4352a9ae169036f687a7d5caaf6a494f2563ada3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88DC7DB1-C5FC-11EE-A675-6E556AB52A45}.dat

MD5 f8075d86c71fa4fa4583cbbd227eca9b
SHA1 07503ea32f50420a6f975a3004296c3eae86c3a3
SHA256 4c0f7dc012fd94a07c5336a0aa2f89abae9fd9279947a418a199608719a422e6
SHA512 e869397a800d50ce94aff6517fe4b1bab33d558d9589add795062e017f29f7e0d8b8b6fddc648c5365eba12577dd33dea77c45c353d2eb5c2bb8678b492962ea

C:\Users\Admin\AppData\Local\Temp\Cab6884.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ed6a3e90e67195616727004360b1c9c0
SHA1 5b1324b20f9ff7046285400fcb8039af0b4eb47b
SHA256 d875c875c4e1d3ead3e3d9e3e0d0277697fdf165d3ee9d0e791611541df47da3
SHA512 4de4d56254db941730b42876ea406cd9dc280f78649b2ef980fe2b8d68a192e343329aecc8f165c57435a0823e825da0f4dc5a960f28111523231bb13a9f3d3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3c07ff2ed22c59cc74b22f2afee002ac
SHA1 1c1175e4685e9f22987dd4fbac9b210c3c472ae9
SHA256 6631f9ce02015294dc5280ea42012430e04d2f07dc9c672793ea181c53e7d2c2
SHA512 06a8b29e128229309ce0a43bba4577aa30c265718b640e8525e7e49ad3f62b9e6cbb98917891f3ec2ca682be53174344f47ef52d963f63375ff11e98cdb14ab1

C:\Users\Admin\AppData\Local\Temp\Tar6914.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 7df0bf6e7b41d79c8359c96ae17e003c
SHA1 2aeb825a21378abe751db1d341364bd57e02b9f2
SHA256 181c013ded0bf1993895dffd01c7a3f13d8620ace29d4f66b92deaeee89f6821
SHA512 34169366184b5f837ba5fde71721ef553c585d76d67912a91c990dc002daef3445519ee96b5ab905c77b3cdac62ad4d1c7ace6af688131e9740c3c678a87235f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 94692e52132d2bd9e1958919a76ef0ce
SHA1 cd7f9404cb9f1bc9b8be65bb45f8e0f89d392055
SHA256 72c109dda62418da8ba6fe045d14bbe75001c5023dfaccb2ebcfbf2cf3263619
SHA512 5f473b57fada614fbdeb5ff0a825579734f44cdac432a8d52513e0e31c35dbe04b810d8e60805f97de520df4f56ab6f71aa88c518534be88b7d0a5afff805595

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59bef73ce1cb1d7d55e8a9809322eb4c
SHA1 68ffe9e3ea9c09c42ee3704273e0bb17cc7d187f
SHA256 f3eb86d5ebe657866b26d8d4b7c5c2d66463b652fadc8ff6f879f1cd72aeded5
SHA512 55cf7efee8f1d8eb951cd1ab2df31ddd55bf916ede3d5530736797f28dc59774ba4f26a82a1f5b7b8105d132a615ae951fc4b68af4869265c0a72fb3c6ef8962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6111b33e546f8a6a1f44f2afc06a13fa
SHA1 ebc00851c6ef072074334854d0ebc73860913368
SHA256 3a7dd5cd2ca4e495e2805c7c16f5d59c0dedc66be056d8d94e2a273f7c1ffb97
SHA512 40f75469ec3e45a706973a2e18eadca357a2c0f7a597452bfa9140697c1b30481c0743a3bc0173b8cb09058230645146f8dd43b9997683f4eb6c940420a7f629

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0182e11cf029b7e3a294a7bd2c6e803
SHA1 f055656025d656da227490c260c3d667dba87204
SHA256 a486bebceac97521cbf429e2a7409affdfe6bc7634e8607a3173d9ab7a9c8601
SHA512 4396c80c4586e5a7d5ac33c0f9a1ba5a4b8b82427fe0da07942085a418150584afe1db0743d727613ae9032b32ebb73ead295cd5b97f0f581f889caaf2751287

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 b932ebed0109fff715aff23e5ae77d13
SHA1 9caa7475001ab828b92e10429bc626af43db89b4
SHA256 9efbe927aa3a815842e442361a07926763c10ba1f22656d4f6aea1a082629c64
SHA512 73a3b8572612730a09a46218fbc52633621f35739d01bb8c6945e005d7948b52dab269d7b97bf307daa38a309a690a9b18706d44b199bed35ce7bafde024ac2c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 e1729f3472c8d8ae72a32a6d77e90652
SHA1 82d25391859f411d1ad0d5b5c856ac33165f097e
SHA256 2ecb7563df677d7991bba9564105fc4a75770b6f66a3c2ecfc7c3e1dbf3e90e1
SHA512 1e9671eae566797b8e07910f080fa1e81fa0cab71c041298f214242ea68fedfd8cadc95aa7deeec15a0a102d3a4232e83b33762c8fec08fe476ebeaf2e0a8b3a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 dd1650113e310aca2a284ae352f5b0de
SHA1 dbaabc93340fd93faac6eff654446797a0d2877f
SHA256 095d05d942f9e2202daa761b85f82cd7d87844a3dc11ce27cd173c45f7181379
SHA512 d380574566d62091b031ac9e0fb9af11b06ce0d35ee764659c7ebd571fec958aa576d4c5f1df5ef7929895f6350a895455b5ad1fd9ea8cd5f508c50db5842398

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 e5bc0b81f77895d371daf655a279652f
SHA1 169f5cae67ab7f533d6f59756378ca574a1cd265
SHA256 bfa44bcbed9a5efea78572ad41c07496ef7d25e0542fe95b057bf97ad00117ca
SHA512 f2584e9bd3dc0d0e445881c7e9af3dbd8a633c5b289abbb705a91f49d2047796fe5967c2a533aa029598c9c4b2583c97416aec832de0c46cf0a9489951d0d344

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XQMFFAWM.txt

MD5 f5ec8932a665405a5db236e5e2a2005c
SHA1 54f5e2040fa087336a3b7dc42d6fbbac2cb5e83e
SHA256 1f6be1cffe419f7955e8a1f632f9c722cbdfe02b25bbc2f682d00ead8e4f1e37
SHA512 d0a0ae406c2077352d4e66bbc1946d178635170ce68600ee450bd3a032e8cf41f06066878b471a784cd1546e737a8f9c6d462be8535b5610ea090d36cc1f4c25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 6a41995a1367f78186db2d0a673e5ae9
SHA1 b64ee88fd1b389d3719c25cd91ae8c60eb878169
SHA256 3c7c286afa1d168b88b6f88c0930fbe88d24faff2a8b83d091da542efcf9abd9
SHA512 1b4f74ca7da06252d328106f26017add154a12196a62e3e39512e5d031dfffd07b1cf94c6acf8aa61c33f6733f121e6deb584f61b338be6f5aa7fbf8614556ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4bf108615744321e2027d23f6b236c5
SHA1 124b0c56de10c55e4f58cbf1b8444508e61cf46c
SHA256 7ecbffbff39c7c9b77ce6e0382a7c759b8bd5f007fdd68d9524187d2977f1b18
SHA512 a502bf196896b3f251c12529219ca36abd4c17821d3a95d170c582e5b949263ba797a49e03b508051275a43288dbfe38d9dd7b6fb9111e71ef825840893a0127

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 642dc959a62fd600eb0e69e99ecd0697
SHA1 7b6e79053992dcb3103c8fe1f2a8001d8ddbd800
SHA256 d6308a4850a9dbb4cc5a66016e479425f3d3af54e2f43c4692f05d824ec84cc4
SHA512 509d41bd4ac528eb70b3d45900a302041d51b45f0d8ad211c22f3081a8522decd096dc93ddf6e7fb6a552ff84120c53dee6014cceade56f5eeb2f8e319d20d57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bee3ae51593cc71db8d9d51dceb772b
SHA1 968ee22e1c13c6aaf3c12047a4f199a2a615590a
SHA256 da31b1cf77fe9bfae6f62b462c46d83bf341216b609769c345c8d0ae98dc0d21
SHA512 80c6f4b966c35b22e98568347cc29cbb855372addde8cc3b0c12044db6e3e41e624d59f4d610cee38744ac2a540d68a8ff76e7480e109487513e68d80aa0cf84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de00615370aa90a971bc8dd3d1e3b462
SHA1 c5f38912839548da26dee1129298ca30745d5e49
SHA256 c486414fd73425e594468c7fe976e661659c50f9fa23eb47cafc7eb6f1b3aac7
SHA512 53fc3f623dc2093b525e899ed15b78948120d8cc840f044897f46ccfe8ae541ab603fabd1de57d34ba0a9e6a0ec42cdfedaca48756bd6ec01c3c77f82b9f0d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2143e8e153ce960e1ce43f3a0b99058
SHA1 07ab1291d3c8c419145452365d24e916d4320d57
SHA256 c9a6b6de77c09a6dc5050def7d656812ce36a12c4b65d656122664cc8f1d2b12
SHA512 7d9c0b040ff74254f62a4169e9cb3d4323a2993df3c7c66e1cdcb1fd50e38ffbfbba6379e96167f0527704d2c5ce06d7d30c0022e5f5e2895b808025ec84d022

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 503a27cc814e07dfb13f3546644ad989
SHA1 0f0cfbc6c504aee553257352a4e1dd7275570251
SHA256 afad24c11c5303f4141c9f38009a089bc8100d0abe837c82b878c6309a3af927
SHA512 a9734b80302e0791fbf8755289770403d356a8bf9ed6d1cd253793e2c9a74fedfbdc541a29f868f9072ae6198e97b4664956c7a6ddf5efc577b23dbb47a96f77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36d572f778083c2809a76d61cdccca0a
SHA1 c2522735a908ab30f59e4fbd3fbb6f5891331d2e
SHA256 81b9778710c12cba1f679b38421eb1dae2e1b18119e9adbb519f719dfaf48e39
SHA512 d774017c9bec2ef4bfea11ff4f8a28a96a2354c836d956dfe4be64cca1b2cd64ac026044f9d7bf84dfdf10cffb3c141facd0fc12f9c27283f8a4a51d14dfb7ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 640212ebd4d071b232b25692efd5d71f
SHA1 b2f6426cf095b5d03baeaf904e118b0157043980
SHA256 493556164f151a2e63f62d923ca53667c2a7963ba739d1eb7b36f1a4f174f018
SHA512 0c40070d8e8e46bc4a729820a87eefbbb54603eaa8c052769d71420da6d325810ce40b429bf279f08ee5e938982f5622c209a48ce49f8592c06194bf9f7d496e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 644bd56a60cedd8b05bad2b2dd0e8bc3
SHA1 278c13ee0eb0dc0ae4334b3e78d420c15cbff1c8
SHA256 01fb0358de6516a83e139140c0af543840821bf76c696cb5a76ee9abb1d984f8
SHA512 640052aa6d0c251b655a9b0ccd25778a45a549c06a7313d45c719b2b552787665265cb5d9517e398e5308240b617c9f5c02e80ac528bdbf3ffaab54cc93359b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92adfeb3decbfda9e1c6aa03b9be9158
SHA1 7b935223b77bb01c1a337626182de471bb89ea7b
SHA256 1a8f8574b6916427c1137b913bc3866370338d74d3afcb8c9694d1ab31e50c57
SHA512 dfbcb59ba1589984904cc480e307216bba0383e839c1c776ebee72e38cb0409fcbdb3f4a3e026fe319d029302b4b6f49600ebbe674215651471d501b67a0294d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d0fa393ae0779eab5ded7d165cbf0a2
SHA1 f726ba27f3b67464f2e3a874dd8ae25f45fc6329
SHA256 511be3618f254e8d055f02680326bad322472da0f95a5643d5826dacb775ae06
SHA512 09177aedb5188aec815ba8620287f82b1f3c3a4a0d92511154376331c20f74dae495451e020d33656cd8b1b0810d3db1dab7b84233e9af380b1b7867e36bb0c1

memory/2228-789-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ff684cd3d1d94c2fb6b46100f307d8
SHA1 132f5fb5a6dcae572dbd0ff97eb367dbbb9c87b5
SHA256 c872f03f360cd719310fd2303105d47b8ab815561280819e5fd03241e8029959
SHA512 419b717a78bfa29fc5f8d45515e1c50cbb2afb8702b5b152c9833c63b25f951a70eb0f2c7b32d6ea1ca747175753e853d62629ef51eddf91ea59072f6e8a0cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1536_GVAJYFDHIFQMQXOJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 803b366d78854a267e1a545e4fb2a4b0
SHA1 06ad18e19372b2045b0824715daded75ade86857
SHA256 4bea3ed9113cc217da909d39e240f437e7fe5412ee29712f0ccde2d1b4a117eb
SHA512 0a4afd3254dbddbc4aca3b98e85b3ef249e4068b093fee879ef06857e3ea498cf8f8074e95cc64aaa7b8f824f57ec8eed73a9fb21791edccd3143d9c450a4f73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\12728d11-889d-4f2e-acf9-83a4b11a9051.tmp

MD5 895259f4a08bbfb20360384c2ac1f09a
SHA1 8aff76fee918d18d2acaa93bf64e94e8a6fe9406
SHA256 8860cdef6e20b4b38cebe3390f32c65f733f51d04efa2f9345371c3fe7db9898
SHA512 ee03e1234641ac2a1f98e81df1c057db000524be363bcb4d4b805bc94048d2195f21bc75da6ac5905941774c5445b95136c75828bb4310e6e8c20e5b4e9d4073

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 8833ace222b15bd8ee8fa0d859c1c0b0
SHA1 94b53265a53df41029efb5d640f8c3bcd9468329
SHA256 f4af621f1529425ef7f196c3bd180b269b7884290d2c6501f9937890519f5fd6
SHA512 41494718f904b8d0f844d0f6a0b7ce190e3e5d2a9c26f2e4068b530401d996f8c9c30cc59fccc950eb2d8b222a889bbb36bab20583905d83b281aea6d8531c97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 386a14d539e6e5389274f2f999bd859e
SHA1 fef458df5e93770d68e2f3dbcccd88f58dd977ab
SHA256 77976918914873836ca4f608429dd8288e5c412aac1b4a220bf9875b23f2bca9
SHA512 a20250f4b712dada9d559481500c5e43e95a50b53993db70e23dc786dbd889abe6b318cabff801693899b93958701a1bf151c3116382bb55277a2efb93f23a9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 fb908a10ac0c109f344b7c11dedc2ffd
SHA1 8af77beee499f2b26dbcbaa5ccbe49b33fbe1adc
SHA256 e66c3986512a7e8988bda191e407e2fb395603bc88d64c626b34b0fdae398642
SHA512 dbba53551eb1d128f6e754481221cd6085885211f566a75d4081087864d5b6213bfa8b062f80b10f8f788e0e82d3553dbe1bea055ade03214851cf575dbb4b95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 d035405822364cfd4d1012fcaf19398c
SHA1 d2b588ddffddb22682fd5ef80e9e60ac0b208bf5
SHA256 d5ecddfc8b14b6ccb94f635d250a15108cabbe283614c06e9aa0239de27da9ed
SHA512 ea030e9fd1b3be7385b83a8e07294e55c10c7ddae01e21cc2c9a218b2ed0b7bf79a1a1ebe4a671023e06b121b9fe931bae15e0e6ac9eab4134674f5350b8499e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 cdd47269a9649c9ff29a4895adc4a4a3
SHA1 59faa717b17fd3632db95bfc6610545a48f5d901
SHA256 835fb94b2a76af1a21b68ea31d0dc79568dbacd126db541bab03be70147431f0
SHA512 449d2c6f27cf3f5ca865dfa7a5422bfb08c1b40399cf56ebc57ea4b73d265fb935f228fd068ca209a2f2ea15d93a0d1356db6dc0d54cee1d1b7979f9d1afc55f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

MD5 cd478ef7eb5f07323c6bcb8a9216ff8e
SHA1 5aefd0169a461722867cdc0ca6ea67b3d5b020d7
SHA256 84e3852bfbcf9365721ff69e4b42d830746ea9aa651475ae12680fedee56bc93
SHA512 56460c08175f0332246ec814a3f518055ad4b1f90ebab0be2e397d4b1583aaed51d447048bd397036dbb53e9526bd9c90acd55e2216d3353271c6c10b350fcc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\42f013f7-1566-43c4-ae71-6876180200cb

MD5 b5bd040b4154ba09ebb58a9094d0afee
SHA1 9c65c1eb03305ab30b305c9b747966a315ef5471
SHA256 4848554d9720cc93be9747539968de4938fbbc4210dc7be1ff88f50fbabfae9a
SHA512 c2531220d7fbde37cfdc854bde2823f6d304f76497e4c8ae7c0dcb7f23199099d9059593572e20eef4ec4057170efd14bbcb2098dfdd250da87ec9ea8776f4e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\41739d37-cd37-4a58-b5a9-a418abb8a1cb

MD5 86b23c9f1a2229954839d3f009493793
SHA1 5ee8e6d0e56dac9b17f191c1c1774fa70a9fbd87
SHA256 8a5a6efec46705fcc455a8303243ecbb07c15f7e30df5ed1d6d8f2ba103c736b
SHA512 9ba7cd27271ebf46b065793685c252c9a466a72793cca104f1f642606b38b00ac66c9165f14803831ec0d7ca26ab34d63a900e0dfaf808c47178c351af0c6387

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1a3730d2c03dc5dd6ca328fd31ffae25
SHA1 ea5ee0830758e5e374b9b6f4ea53c70e988fd1df
SHA256 012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579
SHA512 2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs.js

MD5 feb8dd3ae4bc44f16203e56fa622eca4
SHA1 70af4350ff9c320a5ee3bc684c981e364bcb45dd
SHA256 0a6e1515c616cbfaaaa84b75725001e3f20848964d362b113c29af4cc2b67556
SHA512 7aae805a667232c0b2f8d1d75ed7ae377456bd44b7481726dfca896d4e213aaa6ffa622d310cc4bda6b01cb046333c2d992df437b5b23b7ffbe2fc904f8b0f6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bb36dec5c4b77141a03f48f5bf1b9419
SHA1 78ac8c1a44999764676e4913894573de3c189ac9
SHA256 41613ad7c6f7c252ca942071f8e3137692aedf1caea16f928aa00a2d7756cda9
SHA512 0393e1711948479c80700ceae697d50f476ff364a3df0a6258e9e783a2313e69ba39a6e7d65c36da780ffc1b4c15b4bcd7bfedc6e42c8e5eddeeb259e3a4cf3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 795f8866e12adcec35ddd45f5f14f07c
SHA1 ad5c1d159764ef682e4c89ebfbf2c2f785cabe5a
SHA256 25252fbb7ee8490b485967aa6eae5fe09d342fec37d4c2e571fb57656814965d
SHA512 7f13c760a2e97636a3b24917c694b9ef5d2b6865c27f774bb740d9d65ce61ae94b94827dba36fc1a70e7b79f8d888926ba1c652ef005829cee34331b662aa0d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1C8038BAE9D4E52C4463A14FAB50BBA7

MD5 ecf0f729cdf95a06adf44b317c88a337
SHA1 a44e22eb35e60a9ea6c89f13cb545942f21bae87
SHA256 1b3dcc1d982ebf91fb7387c5adf53cab94b3e405af44e5c962a42e3c4b26f711
SHA512 5564885d86196efecc02cf1ec7fa6b94ec97c0b3e3cf87a467b3940934da3df4d2a8ab4022250cf59b687cab5f2021befceb59b6ca24e01fb634b8057201d045

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8b19a4b9d3818b3c0e97645e635c369d
SHA1 7b7bedb4485412052e5ab3d6207704904fb530d1
SHA256 6c305b0a5bd1527e93b40018fe1de162409adca2eeda171f0b00d93bd3fea55b
SHA512 cc744ec436e2f7bb42eb3f17e485e153905cb6b05bdb921573ee0f782f16e514569d63594a76e74fd9c66aec3d11bc6bd8ac36415e7feaa8a82f4316ce959728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc96d4d505812a0bcb9fcc39e6fe697d
SHA1 3f922a520f403108273132dcbfbba497812eb93c
SHA256 83cdcd483538f0dea76c86ea793dbf8b170aaecd17ea63d9ee1acc4a59598e55
SHA512 365877a65e8acd97b44f709243b314c23bc5d8f6eae87cb0da9a0830ae681999760beb2544e99149d300c5c8c68983ffa90afea903cb475accb928ab0108d442

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 3b189a5da451f0e9f79bb0d1b9260557
SHA1 4bf5bed0be39058578dd104210b75b1a3827d16a
SHA256 7cda97689390c387657f394f49ef2431148d9eb80600b9cfe92e439667acd5fc
SHA512 8f72c7ae962c60417813433d7010c96898173ba4cbe9bf8a45b86b1df5ecaa8f0073c2f8fbc86f6e4933ee6f00c3366e7505683dbe93703575399f5390bea178

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f2798203c01f560b5dbfb278e67fc103
SHA1 1b7c23d587f27f04a5794f96ef01445638e8fc29
SHA256 3795556c0460e983786f42ac291480804b237a66a41e32145d48c2487eee888f
SHA512 c77fa62cc57f241828eae3468cf840725d1e4258e61e21b2cfaa8614d07a4217260e4d0e5550912dc159cc73f852b1de04b9b21722886c014ed09e87a2e0566e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d72452cd827d9902f3ef4798e5b19c2b
SHA1 458b721418bedf5aac114b0f6d29e3630abcb761
SHA256 97d2e973d77bf71147cae07ef1042aef71bf4f326d577c2b6849b760ec5da9e2
SHA512 f13b7f35f2d5b4c0a680b283a12fa79899e836c1680e58137008f659db335718df60abece24b65d443f861eb23a709ae9138bae862495724553d3ada3afebc2c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 ab9c976db612cfff5dcf045b71ecf515
SHA1 69c2af5e1388c649d667fb0867b06b355259fc59
SHA256 5830ce95c07ede714d9bf76deb23a1fd5bebf829b96930cc0715e86e96a6d6f7
SHA512 fea5e160b2e8f3dc77c102fbc45ca8104b3140324afda95dcfe2de3143d530a29dbacb1c243dc3fb61c8bee17f9a4f7cc954885590f33393d575ebafcb3b5d03

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15327d71129550fbb1013e7001b53fe3
SHA1 e3ce7f28ac8699d95b3130b441c5e7415de3e978
SHA256 6269a62210bb25dbe9e1c88f0e2d8c9148b8384d67d9f6d46982071abd78d660
SHA512 951eb8983acdbdad2d1937f19a6739064333e90ad7d764608700b7b1b21274d9caaee2b1e54091d949c325905ee9b878b3a999f6226c212bf348a5ad7a5c4907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b22a8e1612b0f404e6e6503b0dc17a63
SHA1 b47e9c6ce2cb99219ece4e269ac1078f365f1da6
SHA256 fc67b459a82316cf3923dd9f6dacb9a7ac19349fd4da1fa851e948f8250b4bf2
SHA512 e028738302912eb6191391a45661e0b947940e482983123731f9a8891757761873cd417d24e47e8cc5ade664203540a6f78c9baec05e6cd216730ddebefbc63f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 946534f289717e304b4183ddf208a4e1
SHA1 8027d8cb6cd08654b4e65dbc13ae4b759b7daab5
SHA256 ad3455b3d692fab6002ba8d988fd2ed175a5605b689228b7a9537cb6aa199f01
SHA512 2b02d7de81249f04698cbcc2f3f3a74f69cce8591dc3bf0ac8b8d6d6c3164fecc5404944563552f8ccbaffb91bfe172943041c1e3f5969964ac65316a2735314

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99c1b6c73e4978d676e218f16959ee15
SHA1 e056e78368e11edbbff77876ceb227ed9e33c269
SHA256 a5c6193cc45ad616a5a5bf69ab4be62b10f7db45b363bbd92a86500dd3fb646e
SHA512 8ee3adb3f3306216104af065b2595e72cada3eca879ab11fa73a0ba6c7a8a319a7cd2c6f6eaba8a20464e25b230d48b3478013a10658ae3da167ecbb40b72097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f816329e-6dcd-4ab7-9aef-3ebd89f057ca.tmp

MD5 eab2a0c85982ab127d12bc0a3edfe520
SHA1 6210028d8aa0f258db80ae9a9f2c0c13dd15f5e2
SHA256 7eb6c8e58bcd90bd4310cb07dc68496c4927d1a9c419f0074d925a63ff99bbe3
SHA512 736178e0cfca7d4ade33dd21305b828c9cf4c31063422f7dbd161a26facf30fc825fa9343fe4bce1c756c638be01d2a180c1a39b7b571ee75e83a1f4cce39337

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbedba2532b29f6e27ac895272628da3
SHA1 f1ea48f051ad112eef297f551adfe6d552626d80
SHA256 29661e0b65870cc8182bda66070030b0e4e26c25d44d8374f7dfd571d4a5ba79
SHA512 6b8b928c3df9eaf7d459d513c8c6fdf4a1a0662ec1eca69abc88e572d79acaca1b1054fbd239c857dfecbf5280f2c7516dd79bd8ee52b90cc18081471832f50c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3045534b2b52094a730f3c1b6811849b
SHA1 758ad890304b9c1a4290f67150ca41488a39c5c3
SHA256 5468b8fd10e80a477df904e69eba4da0112b19a9aef94f4ccf370261b28579ca
SHA512 7f6a72ad079c2accaf48bcf56d40ceaafd3f6205c7cc2f4da95ab1934308b4dd35f27cf706117c17a32389e873f9743aa9644b723127f80c44b92a1a19a8d37a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40815dd01600703b0a2c27acd7aeaaec
SHA1 b000077aed479db9dd23dccf6cb18652a0da4ea3
SHA256 c4cbe3c60ec415252d1ff695d5de4ba91739846e1b08d681e555a19acb1ac2fc
SHA512 3d3944cf080323a33e37853c5a7d9ecf790d1151e04dfeb77fb4e5c44a4996155b050682a2b35fc3271b307dfb3ea51d6f31a61c7dacfa84c674227dd3adc3e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 77bc33cc30296a18d385a7294b2bf8ed
SHA1 04399313065912a69f5841c82096f8775364e85e
SHA256 8c9cf3e347a24a510edc2e0e88337590e501053083cd1f60e1df160f751bce0f
SHA512 ef43219ec6d4ceaa6aba3cd46e3f3cdf4a4d3feb87ad8d523da14c389dbd992b724f444dc06120aeb180415a064d6c7ce40c7be0dad8a5edf5948ce401e0e852

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8326dc9f6713bed68018630fffe1f1e
SHA1 2818720204b50c2c4e18c83e838f6d961d083975
SHA256 f240a37144edafa99fbe7bd3f85aa1a53c8ff28c5ab9fd16e698542cd319e109
SHA512 6aa8389ccda818af25f421adc79c07ca55771195daab1215dd3dd8684a721b1e149db77b79f7e9881bfb2e6db88ca34b492e76d44dc5742c552e06c6dd00b575

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7251b64d210e3d1c8fb057459db1d0bc
SHA1 484242cb46a0e5f826f02a903d8252ce14f1a189
SHA256 56a06bea5a147a59ef822eaf30815580ee3841c10c65ddcee2ca1fb2f29e010d
SHA512 1e09137419e9eebab7f841a58893e2634550b22796eb425d134c80fae35fe47cd0ebc6062042bb162f6ec90c23889b03595773af98c2139a0e4008a21b97eb83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e60da53221be79cf04610013c641b2f1
SHA1 f7a529924c2e75d0b2a5eabcb6d0615315cf0c8b
SHA256 2b8a179a6cf79ddd9189b268f3e4ff31af68a349ce270390cae0f1c24ea6a75b
SHA512 acbc5f335889dfd70c59572830b13d5108217bc65d6f51ee1ec236645f8c4281d630f9d4882d6622ddab1cb39b68ddb5dbbd5d6fedfb1afc69f94979978aa9f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 f7141f0c3b0300cfdf7da5b44e387933
SHA1 dfbf8010d90cff3480a3727895af10f2e25b4833
SHA256 c5e901bb707f9f15c19b2da2d78d50df4aa67d49bec12c0787d6e2e5d5eae751
SHA512 7e0dcd6a3d97cd96126b9dbff56b7e6954c1ad374d556ef45b1a5b26621cb041ca356a1f740d20762aab719af2cebafaeb338e50a0649b5ccd707e8d24fa177d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 d39b39c002f0fe8fe7c6359a0dffc55f
SHA1 55890778b48d4b99ce5fa942ef2b59d1e478071e
SHA256 bb59f10e3c27e626da2ee1bb0cab4161139fe8b60be08d23d62b0d6ed56b1788
SHA512 124585aba26ab065db7dc1461443964db60bba5c77acd212850dcd484452adbc0b539cb4f84a239aea218ce280e26645b4145c8e8fc031571661c0d757990f5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d403865b5fd616b9b043cd9f9f2be6d5
SHA1 593ecfb0cd1f9742d0165e65ddbf5bf2f6d184fd
SHA256 2977054894383e16c8d87816c039507b512b875f74643d2ea940b2f405e6b9c4
SHA512 f309aa941e2a8a6484a4d09725824c0be6a7212fd93943c99edbfe807097fc55013b7c4fd7b528dcfc1a26097366ee9b73d13c3c8e9b14b77c38f73c1c6ad8d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e429ca470ca1f892999867a9d5a266eb
SHA1 ac2450887ebb6f01a27d3ecef87446e71075dca3
SHA256 0dcd914f5c19a28e23cc04e2c790c4e94a10aee7eedadb27bbc6d4156d8fdbc2
SHA512 44cd6992d333539819e6d50fb2899f7aff912e447be74da5604d11ffed0143195612960fd5aa2cfa35e8767bab553ff94f12345122917e74c31a7e9e9a0cb062

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-07 21:04

Reported

2024-02-07 21:07

Platform

win10v2004-20231222-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{32B7CB3A-1E56-4CB1-9A5B-5CADDAD84513} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3632 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2344 wrote to memory of 3240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2344 wrote to memory of 3240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 456 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 456 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2684 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2684 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4072 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3964 wrote to memory of 4212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3964 wrote to memory of 4212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 8 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 8 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 4668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2144 wrote to memory of 4668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3632 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3556 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3632 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3632 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2024 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3632 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3632 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe

"C:\Users\Admin\AppData\Local\Temp\5f6287c9f1b5a24d70fdb7d13925d2e4679abd082690feec77be51d54181112d.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08e99758,0x7ffd08e99768,0x7ffd08e99778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd08e99758,0x7ffd08e99768,0x7ffd08e99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd08e99758,0x7ffd08e99768,0x7ffd08e99778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3225691061046949988,12523541700539108597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,17931456407392227789,10106403924858765561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.122638664\377114032" -parentBuildID 20221007134813 -prefsHandle 1848 -prefMapHandle 1836 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11791c15-d4d8-4d36-b568-59f1b1534e5a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1952 1d66b7d7958 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,15491626207098524771,14675018620997872968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3225691061046949988,12523541700539108597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5542296922664613636,5499748035697352582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3138124771780122775,1613166926307767714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.694090230\2077544330" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6485a927-7041-45e0-8ea7-8399b8c2ac4e} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2436 1d65ece6358 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.989526075\1410798487" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {726a5650-5e54-4d51-af35-4793e8349974} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3076 1d66f13d358 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1900,i,13512852158313548562,6101279645566488801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1900,i,13512852158313548562,6101279645566488801,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4056 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1868,i,17786628884181160445,4841543071169965919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1868,i,17786628884181160445,4841543071169965919,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4876 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4920 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.1638652320\159121816" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 3368 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {129c3f48-bd17-4f98-98ad-fccbc5e07b32} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3144 1d66fd44958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.1888051838\478715394" -childID 5 -isForBrowser -prefsHandle 4348 -prefMapHandle 4276 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1713730-0f19-4380-9fce-256efbb5b23c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4268 1d66db8b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.1806539890\290045184" -childID 4 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1212d5f6-993a-4517-a498-6e47b9b1e590} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4072 1d66db88558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1989003689\920018230" -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bad5bf7a-04d2-4a85-979c-605d8302ed10} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3936 1d66db8af58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.7.435083871\2122197219" -childID 6 -isForBrowser -prefsHandle 1208 -prefMapHandle 1204 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bfbef1b-c7bc-4f95-9259-ae9629fa5a5a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3760 1d65ec62b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.9.1238798187\549410122" -childID 8 -isForBrowser -prefsHandle 5996 -prefMapHandle 5992 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d5ee35b-229e-4b53-a60c-38db07119a61} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5912 1d6726c6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.8.1597385199\786878492" -childID 7 -isForBrowser -prefsHandle 5820 -prefMapHandle 5784 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {702aad48-8380-4e5d-a967-cc653073a7b4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5800 1d6726c6258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3220 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5142662345310993542,9369302286842634667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=852 --field-trial-handle=2168,i,14295884961836393889,13760915769965910517,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 143.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 91.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.206:443 consent.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 241.144.24.52.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
N/A 127.0.0.1:50208 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 147.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4---sn-1gi7znek.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gi7znek.gvt1.com udp
CH 74.125.108.201:443 r4.sn-1gi7znek.gvt1.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 201.108.125.74.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
N/A 127.0.0.1:63632 tcp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 155.179.17.96.in-addr.arpa udp
GB 142.250.187.206:443 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FR 157.240.196.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.196.240.157.in-addr.arpa udp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.206:443 consent.youtube.com udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8a1d28b5eda8ec0917a7e1796d3aa193
SHA1 5604a535bf3e5492b9bf3ade78ca7d463a4bfdb2
SHA256 dfaf6313fd293f6013f58fb6790fd38ca2f04931403267b7a6aef7bfa81d50bb
SHA512 51b5bec82ff9ffb45fee5c9dd1d51559c351253489ea83a66e290459975d8ca899cde4f3bb5afbaa7a3f0b169f87a7514d8df88baaeec5bd72d190fd6d3e041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1386433ecc349475d39fb1e4f9e149a0
SHA1 f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256 a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512 fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a43c5442720748bc3520106b9b6d4737
SHA1 3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab
SHA256 0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c
SHA512 9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\LOCAL\crashpad_4080_ZGUFZJQTGHCXGCNM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8a76fc73dcf3ca2da441223af4c12964
SHA1 6f16bfcce39ee07b2dd5b560c97a58ce46684782
SHA256 294c875c0080fa444f432e2b68f1410e38ee8109fb7a816b08be690924aa716a
SHA512 3fdc636dd7d461227f7beddada969bca841b57caf6bc60333b9682e21fc886a7532af152e6d2383727020a3f1a0874efe6b00b213830e0d6424ba870400a2c5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70f3cab8214d17335c2c25b4d4528a81
SHA1 3fed6266330165ff47b1c89c467e32e869dc99f7
SHA256 ac5963ae04b9ac43de3d78a7480e9f0387ca52f5bc726e0f195e40028faa5d8e
SHA512 31adb2a251a2b00afa427f2c409368ae22ace5197e1b5fd83cb067152e3f6b9c164838dd29560b8f7eeffb876a073a0215b8ee1af516ceac58914afa2093e375

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0bbcf6b4abd356620419865fde1b86f4
SHA1 a1681c1a54e0dd9aba8b5b7ca277e9936cc57660
SHA256 45b429496c7a9e673e213f20f39c2282a1f766644a234fc8e91ce3fc2d0c40e4
SHA512 c8c00e7a09167d36a106ac4c2cd1edeb132f9b358699bfba26a282d5df5e96a87d446a585ffcde407bb55dafbd08781e871eeb4b3c9e3d3a10c8a755ccb6a4ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eccd8e996fbfc4a25f6ed4b64ac9299d
SHA1 7d9fea75bf5f13afc433fb4129832191d5dfd6b2
SHA256 29e6513eb1b376090b751786d7d70a8418d116340354882e8514f28302057882
SHA512 823f6816f3fad53b69d73e32df66e174e9741a350604a8828e68b7d1006174a9626bbd51ec5f4e34ec7d3d9e76f71f023d6911a67b45cf6aec84b9fcb0385f4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 40c91b8656791e114dd8b5fdc4df9236
SHA1 a6aaac1f465565b598933add5dace315ec36a81e
SHA256 b026bbbe526dd3656b047f15c4a01dcae1257a86afe8b78886d0f662ddca8fe5
SHA512 6e1573b8f4f0185e777886855112104ed2108ed4fb0ac3e7458d47580a448f1f385744f1dd19bbb9a6cec73d7d5a52bbf9e70d7daa15a8026922f4c138f3436f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 656965b12cdea23b276160924c8f16db
SHA1 df26466fdb1fd14fc6e95af58b7d99771f305783
SHA256 d01615785e6bdf85f7be09c802e2e2bcb46b2e8859357339ca787ebfc4ed1412
SHA512 30d365ae369ac0ba1f6c89f1ff29614ad3e71f4ad90e7029def7aa79a1ac8eac987ec145e9744f99f1b56a8a17db2d83c85cdc17c8b0bca22d8e1fd7f225ffec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e98f74fc33efb85b1f08709c874dad50
SHA1 332b9287c272e6c8c246d5f5e2dc9ed52127b2b0
SHA256 cf7f76dce8ee6f0f5cd3bcc4a2ebb17efd862ee2e81ea2014e91bc712bec56fa
SHA512 3c5ac0d39356ff498c3c1796cf97c37ce4d54408548bd285f25ccab5d087fa366daca6db40144a4d3158934df1e4e74fae4cc552e9a100b78982128b38e7f661

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0cf38a538711222877706ece11b2af71
SHA1 7ddac4d55ab4e1c7091b91cd07bd0f89d5ea06ee
SHA256 f27374effa592b8b504454156443c0fd99b25b645f1e15f6420a4ade9c5577ff
SHA512 d3a8258c318deb8172c7ea3b38be527cb80f81b971abcd11578fc6ff1643a88045034151d0e90b31b5b315fd19fc4f95f7f8cedc073c75841730af7dda614d4e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\555b5fc4-e251-4b7a-aa63-9a3dade09c54

MD5 dbeae62b42c7b03831f2dbb0daddd025
SHA1 c5112fd4cddb659954e1da0e335a08083130f8f9
SHA256 e15f8771b3a9f2f24c66d1d17dc158e7b5bcdf21f9bd73515e9fb225523b6114
SHA512 55f72f3f3c556f41d99f900ef822fa7a4636c24ea11024d51fa66256ff55e0ce5698bc6a5831fb061e8b44f415666d2c316459bb6b42de15d942fbaad588c1a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\195bbdd7-bc88-45fc-8315-a64167eb36ea

MD5 73c6e1222ff6ee61b27748fde7cfe1c8
SHA1 41f427c5063183f0ff2256557adff45234aa8e9c
SHA256 83106f82c8cb77649e36e5b4ac5e854eaf954a1a3116085771c909dfdc27dec6
SHA512 e5addf9425cc8486a1647450c8530c7f2fc9b8039d1f10d60d4bc1d256d19ef5a58f3662e40dc37e1184acdbfd72c4d0d649d68bc48177abf913ca65b85a9abc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

MD5 6445e42cf7d994b484250760ce08b463
SHA1 9708ce88d5cdb0842f4e2247994f025f50599e15
SHA256 d2e6ebd6ff4725e824fa22470b72b8aa56620327d826694e76469d6da6b7a90c
SHA512 65bbb803c16b44e906b55cd61e1a48359288a8ba047278fb15be037d16fba22aaf5b9622a131d24d121cbe7bd092c0c72f166ff9889b0eedb6bf5cd9610c091f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3fcc922599e2cf7e06b1a158590da560
SHA1 01ed18f9611c37c51da17ca366c51013ff388787
SHA256 42ec2e56f22a5b5afb4e2fb30ee600ffe831c04c9f0eafc6cc9f83e7dd262b45
SHA512 1175eb6e712bf2b746f74dbd228efc69a2c2c954de32f45a9c665fe9ce70a02f97031cf924e04293ad958179cf3b04fc91e34e56275fb2151647d461f743cac6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 1f159d7df243def5105c10cb52926074
SHA1 ef74ee7d48f83c47b550a3d98c0a227b98cb49eb
SHA256 882b2e7d6174291766fc6e896334011dbfa442a513ff128e242763ec07645c43
SHA512 9c83575420744a547031e9d896eb2f7963ccf337ac6a31b90bf4c8ca410fdf917461919484659517fa11c1653508320f53daad65dd225664feb6f24b79f5714f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1932d6b451f4b503bfe93b8a878aa5a2
SHA1 512139b4927af22776803206e1b12ae465d69969
SHA256 30a507bb9d232bd4182b469e072607bfd4aab749e9e9748bafa63f7bf2076142
SHA512 1ecd86d1fc9b5f8fa9ab10b6034fb726d8c89eb4ca0459c3037e7e9d9a50ecc5693fb99b2a29d775f67005ebca661c66d470474bc06de5440b7495b4dd5197f4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\D84C5E508BEC80CE1E91251C07B589F488FE6928

MD5 c19e705493a3a875996a52bd1efd4ebf
SHA1 8514becfee590e33a083d37b62ad21c68eb69744
SHA256 0977aff661bac29d913b073ce8d2954067b7edb4f367237844d2279deb2e4b74
SHA512 153acf629e5f24759535e5e6036f8533d8b7ab80ab4de7c2973875a8d5b6e95a0aec254945fc672c1ac63650cdefdb820dfac672f2d172f165c3611ea3c4afa1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\6DE3B287583C69153D3E33EBA0B7051F15BB81CC

MD5 8f749754113ec0a99012b4ff522141b3
SHA1 3927dcf3f4d680718fbc344ea2d27fa25642d835
SHA256 3bee5c9ad5088f1bd26900af8fc7eb66b7824eb55c59d14a25118576646e2c0a
SHA512 0958d694a65fc21af7a49b39bdd2927313690cab976269d1dc66eebfb237322bac0481735cd5fbbe50c2d350395c0a63ea704e32b1f5d144b98b4ba03f96c0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 09669771a406b60b62b161a198e46566
SHA1 59b8fd31bddaa4b535fe4c13768bca3dc023d3f0
SHA256 71ad351ad4c777c29f07da3a383b9f450f8fd390f18e6a23605d72d5c848786f
SHA512 f1391aa207abefbbf67465f0d65b01f0ec89ce5bc5e7907efd4077e24e1cd384b43c0a1bebb9360770f63eeefd9a3eec94c216f394ebc873597f9fa25d265dc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 e5b06df620ab1b4de3756b4e115c7572
SHA1 0434fdfe944dec5031d1e61350e53f81ae85c6a2
SHA256 149d5f39230ee21e74db3a449705cd798eaaf032a5ead56086ff51759ffd8bfc
SHA512 11b664d4e2ebb916300f030ae0a8981f83869512185645b827bee74d86f3c882766b0fdaeb33a02158b85a5dbce7264198deb77211165bc4741d73f4dbb65fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 9a3dbc8b483c1ea72700084a89460e41
SHA1 2ec2256d4e7210b29a867ea9ac92e6a4a52a0e9b
SHA256 1ecaaf3dff3b52bc759520889407525a23ed323e6779922f1af702c9aba7bede
SHA512 104830babb5c7e71ad6bffe90ef19007db8188b978b0ca21fe2bd3c0f175c80b7a62ca73a62cc82608178abd327055d511e2719cefc983af712f6c524143326a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 02ce533b44e01a3656dd78ecbf617f2e
SHA1 03508dd1347d05f64dd44a1fd55e0f81ac406258
SHA256 34aea36d44cc448b84d9ba1890f9125d52e6ee75dfbd726080c1810babecbfe9
SHA512 ea19a56ce88462196a8d5ea55fe7d006b748928b39260777b787a933af2cd53230512e77d40898285bc5d3fb87d3ead2d21500382881225272ed4eb2e3eb6a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 577e380c074fd5c0941aefb85e13cc80
SHA1 9409cab622ffc65d0beab68b03efd586725c81cc
SHA256 39534d0e32365737784ce174aeb423adab24ec3675f285920886a76f0c836700
SHA512 352306f9b3bc6963e3ed75573d2bf9bfec5ceb302ab21a47130878dea34a3f662bd5d0c3df7e9bfead2852990bcf86f027f2d00db03f962f016fa4121f991fb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 92c1a75e44c7006e1666383bd2538b2d
SHA1 af87ec0804592aa3d84ebf011b756ec604859c87
SHA256 f483e3a3e8541540eccfc6676291a7b7a216c3deb4a5acf6e6b19f057f33f433
SHA512 c8e0154dcc36d088e0863dde3aef20a4338d2c38d1b5e2c2b114cc8bb7ac97d970fa910ce8de5cf089a550f5aee7ca7a38f8e45b51dfd4d71a7671c01e20efde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 ddf820f3977b4a66ca54348976172cbc
SHA1 6d4d1f20f70e5a5488b7002b0e9053a7e518be73
SHA256 1d8656c5248336db462c188369901f4b0353792cff1430a81ba86a91ad03dfa6
SHA512 720bd6fa11fdf8df86bef5046c3e4fd94bc1a6a5650bcdce080df6a78f9d39396a94e73501b138f9d28b889ad29bcd518b7ebe7669ecc6cee312e50b6e2926b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 8ead488bdead432c5855020da0d8a66b
SHA1 618981efa77772eb31687344ff2034585a111559
SHA256 69dbc59f20a1e7951e073d2aa5069613739a12d33c3526ee9d4d47ee0f6a33fb
SHA512 63384d6a1ac958965631eb84af82744c6cfbe71a2982a89bb8f101b8e6f9126af6baf448093e06d922c25a68b6a6763667ad7cb4728ed5ef1550f9b5b7ebc409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0088522c98db517a4816ec6f7a286220
SHA1 5216eac1f1fec56248ec32cffe86d1d1290040bf
SHA256 f8acf472fd5bd61d067c745c5014c7b21c7d5d185449ae4f7cdc4aa711788a83
SHA512 06cd126e69d560c17601a1132b2b5844f5f9b538343811441975fdeff15f5b23497f115c541c1d28c0d0dc49569be392b70093748635adc90cb770376bf68823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 7dd1c1fe5376c6dbbe4da12f8c30bc3e
SHA1 0251a33f6147638e88344301caaabaa7b36f9682
SHA256 79e38bc5d86489ea8b6b9f12f297e9c1b6b01a37603b30df75e0630547e9f839
SHA512 429ed63048333519b167a3e98b3df93aa87bca4046ccbf58df703217b7b776aea1319aa08a7910f6f62a545e4078c7c227b7916b1ae3bf2f61388522e7f10423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4c5157c4b6afda7645c43739f56d7aa0
SHA1 868b959a72ca95e7e85d98518474593229ba8af5
SHA256 7d214b7f7cc6f95b5564aaac763e6979964105151fd428449d8bc773b2b4a8dd
SHA512 3a2c0643c4123073dfcb0ed76db840bc907fda33bfd43359ab385ba43e49233880e2d53f90c12b478181ad3cb40c774a1dc0006486a0ab68370ac21b3ca02b03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e664066e3aa135f185ed1c194b9fa1f8
SHA1 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA256 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA512 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2893f27e135d1394ff54c6bfff58bab1
SHA1 95e2143c260386a353acbb8c3b8a7a841e5ad6c2
SHA256 20c13c28c7d8321713efe387b5833f4663ce351d08a62f8bfd5f95ccbdc48f4b
SHA512 da3d1747a794807abf195b124dce89b4dcd83b685202ff643bc2a8032a61e654ea05f4ad261fb6af32f7a24af17d5c77486d91c0f322df4c6dfbbb089d08d52b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\91327050A5D76DEDF98ADB9E359869511B7AF892

MD5 5e0bc67720f66366db21170d905e1d0e
SHA1 f25055894c458c32487cb46c512a350c34d494a9
SHA256 87894449c189251b8eb7ec46b672ca1d6af4310ae4eaf1e83645f09cfecb9246
SHA512 9b14c73afeaeea792cf30b8f98b23b92649a63058f728d5829ddcd275a8134776866c310fb5ffd1289304c4651875ace12ce10b193f4bd5fccd1ea75acad1e9e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\19E3E649EDA06DF28A84E691244B9A32F8B84E43

MD5 4a340fb46849b8e6f46247b048c1142b
SHA1 c8d356b9ceb8b73b324d5c2e888041911786fd68
SHA256 2405c3025da20f19d2d7031a963e098fc52e1701acc3ad5945e45c62f1b8a12b
SHA512 191522a048cd70573fd6cb87e1960cbdb13bae0e553892868e810d7720cb3a8c63e92b6d7b298dde9aabf5d149e93ef41900dfad1cfe5941862f33ca7373aa11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 a0318288dc558d26022c275054485b12
SHA1 62a5b007c872909c4588bb598a4f34216a363464
SHA256 14d1d1946c5546f82cd6da49238db10945b37d2b75461fd8b322bf8afaae0a7d
SHA512 2339b8046f2a754b31395c5d3826d6787627e5cc2f057728511972537a731764e37db73e57cd07bf0cad82b7598c30eb47a52206bdbab53abd4a4f178142ebe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 b65693482680d902651207e585d54754
SHA1 350b7500a9b255669d38a6d6ca0cf808038c7767
SHA256 4c60d0e17bfb7fe53b6f4881cb5f92def77a64ea36fc7b5c0522498f0dccbb67
SHA512 399c4c77b4bc79a08745dfabd19f2e9978099adb2af42b1fc8fa40506a9151950d972ef71c0a7e4797c3a27baaaf67f0fba75b136595dbc253cbf2e2ca378083

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 4c39438f7c048bb46c218ed97b19794d
SHA1 57b8aa8589975c2c401d6405935c5ba58ceb8c70
SHA256 da1a928318aaf194ea43568159e627466b96461bc0882b966639947ef2111bb4
SHA512 f9e5205c2e9fafa3c136d4449052e918c3b6bed85497104ba00cfae55f8222cf989e4bc1f5215507bf6a77c3f7032a8e2b2cbf3010eee240694ec793613ec301

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 df4674fb2cbe04d435de09b8718d2206
SHA1 c639c65370de35d185ebf1f932a85dafefe22976
SHA256 9d220099005c25460295bb5b2c77fac5bb759ac276a736caaf7c3aa5bf7c2bcb
SHA512 4a8ea5fa810de8f34cb53ea281d2b58676de6f5e44b14141b16b4b9b3e4c2207ea7cf0a3841b0188e130d9add137ec677d558893eb41ac580383dda44e1cc641

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 0fe9bff34999d5057c1796aee3fac7d0
SHA1 99c4a70b4fc37ba1a20b8c4104ab8762643bc683
SHA256 ca74d4478e3cc3b666ba80f583f23578e029f0e994d30edbcf8f7fff60d85ba6
SHA512 be99eef9b258eb8a173438f1ba4a58813f8c640c880a5c62aa1a960e799d83e5d16124179b16f1171e8c2c5a8e26181ba917378264298decfb7cf085573a7289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 5944eaba4087da01c31efab06692f901
SHA1 d17ce6b1331847706d92dfe076f109303e292815
SHA256 e619181abcf27d51966a6841870e0d251d1f3c35082d0b2079e993a73feb9342
SHA512 26f370ff875c17c30f5267dca52a59986efa3a9472ca002ee3e84740c91cf2069207962490cb9991d6a312d80f3efff89520fd108bd92c8062b71cc7901b2440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 c48ece6248398a3765efbe7ffac658d8
SHA1 f85ec59824398e4644abea48a94a93eca1be26f2
SHA256 953bdd9528a2914339661f547421a4386d0c729cbea0ebd5b96aabb4b798e931
SHA512 5cb36c505c01831f3b0a39c5975488712e83d95e9ccc6645ec487801f062fe11062a0c999160dcd1f0212116135e2c1ce94e29105cc69da93f7c1090432f3bfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 7611185685bd3d51f1f6a5a2c01b1767
SHA1 11aa48a6137c11356546bba4d3de8d395be52866
SHA256 10273a73d9c28cb0f4a148124da57d6094b0cbf33496449042502cb1253c10dd
SHA512 38366263905421d8bfae7e29db06ab74e307e2c7ef5330492f999d0a61956a7083465f4ef389ab0ffbdbd6e0fc84351eab6d593456f5b4999250960be3a39e5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 144a5739140d865c6cc237a87f49f3ff
SHA1 5ad3a126d9a426882cb1302f4a58a13e132e9601
SHA256 7df2bcb2c7190dc85228b77e42918d62307d9644ac243dc9034555697daf9cb2
SHA512 a5387684854a155410dcbe12696f2e29b30d301c31f3dea83ed179e9a2fd9c9d3f1e9795a7b578c405ae383528ce6cc50f7993db02f77db6d6b364e93f567d52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 eb8243e4418469542501ad353ead9f22
SHA1 74fd4a687b61abaebfce2cd18ffa68a8d761c616
SHA256 50ef5631ccafe40c09af313c5473e842c9226f662b8e46ea303e8013333b948a
SHA512 ac765fceb9ce1ff53c9b431898f29527b8fc5d6293e74657a2d96a36c4f5ba234708146048b33d5d3c13053a007b8bf7f2018e34b13351786e69d28976737289

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96fca7bb4ebdbbf738acc17e9cc94028
SHA1 0c193b2e95edf81e1954d0d3d4d43a0c095eff00
SHA256 0ef3f5e861e91911477b56dea4abae0638e809c4bc1e9a6083ff287d6b003a00
SHA512 e35fc3393e56d4dc35ed64c49ac2325970dca9f20272df2d8123a3e7b0688b011f262f56d1d313143aa747b4c52d0d1a4da4e6746a244a3fee86d23f6bf74bea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3aa79a79624b5e558500e2c474415df0
SHA1 f7a88225d7dfb23a07a53b28d4942dcd8d4ef965
SHA256 d0569a7eda24b022aab7ec6739b9ba1aba56166a5ceed83c9f534d389345d134
SHA512 c3a6efea3ba1e0690c6789a25f3531e4b53184e87881bc9a1b6513020f4cac24014db3c8e954257de2c2290ed8af4b923ae93fbfa491a24d39ffde8fc9593854

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b69e.TMP

MD5 68369721fabaf434aba6cdf55fcd241d
SHA1 b6445e66fb5911c0048351e4ebbc21f8d4c2dba2
SHA256 af4c6eaef01adf7be7ef7e666b3a3367156a3d738377178008874f6c27c3e212
SHA512 04058ea1854f27b9260ca5e71b5e33097191e4590ad3a99bdb406b5ff192b53c4748a954eb5c2afb44d53e69850125fa320040d487e3c9e0a7674af8e66e4ac0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 deb679dd57a59b8eca1b79265dce41ba
SHA1 dc7cf23dd5482f0c4cc0524a3c92c4ecdce1bd02
SHA256 5c01d34894fee76cc797716eb0374249f22af5b751679c3d7c26b90f04ffc0a7
SHA512 4ac03d3e35b0f60a907d4b5dee868469a28dec3156f0658f57b6d36e1b8d8dcf8e83ac8e9aa8e48d4f2db97b37371b45d4d1b76e709a9f10e6b041fa433311f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87a404d77c424c181d4322aca2caa08a
SHA1 9349251f9e69f1d4b27c4f31105054b8f3042442
SHA256 5a6c8ba0aba65b27a6637260baea5bc787dd4585da97270225312bed1bea4c29
SHA512 30114619dfbba19b0852dce26be02498eb8d343c5bc4d7ac1ef7e21eec5ab1f36f02099d02d446fce39af271499902ced43bad966e918123b930b4ced8f706e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

MD5 6d888d89ac5328c04ab6a2bffead63c2
SHA1 cb130736552f25bbb749c3a915c07c4df3ffa6e5
SHA256 523f536407968b5347763640410eb26412b469868cc0840bbc670bceefef176a
SHA512 1ce4132880ef65e405fb35f12f8ebd37333d9ccfc010312395e4fd8c7ba6fc119fa85db42dc75af8639b012e450b319ae4b7763280de534c169d58ffc2bf3a4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac6e1d10-5968-4bff-bdab-afedc0373580.tmp

MD5 1c2421941101fa4b1d744a7f97cab69d
SHA1 a47bb96fedc45b37f45adf126f696bd8c3790fd7
SHA256 4751e8871b66b2892f259231b443b625f50d1b445c450d56dad33300ea630beb
SHA512 9fcd8bc774585ab9958ba8fa1fc0c745deb7da24d85487ff24805ad3c80a0ebe5aac085db1b88ae9c36cc0a69d260eaa7e26a67f1e98e1f107f21c1e9f8b8496

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

MD5 7961b0f316599f72518f709c601ba939
SHA1 1e4eae17c4d005966bf32bd96b9c2d2ba18ce71f
SHA256 0fc7bb4ac9725a92072bed0b955a99c62b7f68da75a538a17fdffd7b0957f6e5
SHA512 896861c639196ea6251b48483fb7f706327d81b1bea3eb985ee54426dd851dfc11bff29d564b36227d86594c33914aaac3ce226db3fd75eb9313443378284bfb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 d4d70ddded6b027894b1d22ac0cee0c4
SHA1 a810eb5e7aaf71cf89765b295a0571f0d38c1bb8
SHA256 d6bdd5c8a04f396077257a5f13761404aa4f7ced32dacb55851485c3b62e630d
SHA512 c3fe6a9e2b1c95510330580a08f75d538ae2011d363688dcef26e7140e89a3f88954ca05ae07e8fd7db5bff5d0c4d7fcbc03d04f053c2e25c3db61e6b4f4c35f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 0c0b7a97762a859295dcd1b550c920f9
SHA1 6de8a4c39e28abac8452e7b80c86f02d051b9222
SHA256 6fd8a1cf7cb081f4ea36114c0511f7d9aa58454bfc66995857dbd6cfa9af2828
SHA512 9c474fb1dc581c733e3bdaeaf5cc306325820945f3ad680632511a79af8e88cb745bd16db117a68cfb7570f113a050abb86f13100c9214bb66a23f0d955e383b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de241a9f634a25695b18d7db7a99d988
SHA1 8571742887611d9457d9fb8f1189077b87b33410
SHA256 d642772f6f17a5ea3deb028777e4fa19181a0ce3e15604669b384913f9fc10b5
SHA512 d87fa797d433f1b5fc11c9cd7d3d7901893839b6e7d0b597ecdc061572b19e334ec48b9d5751fe908ae0641c6ff4b87934524a6c89a23982e4267b18098c60f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 321a57ae8e3d11112db4620d9dcc74a3
SHA1 22578c5840fdf5dcd634279656795b9080380b4c
SHA256 df33e13dd293f9c8762706426d2d8acedcc1d4de027d5c9b794d35e6700ab894
SHA512 d0ac1859711851742c09a649105f87c9fee858631e1dd36020b219609ee5dc63a4570d633d03437179c7bb8f43c63225af48186953084fef44599505547da252

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

MD5 35293a6eea8743e37d345cd809e10c5a
SHA1 31b9f1d310f852f01418a9ce006c61a3497bcea8
SHA256 34e69753e28b17186b608b69793e86c9d342b9523503f0195116365810fcccfe
SHA512 603fb4ccf469c936d5816c54c50c43bcb933e5123a1bf21060e1bb03b836540734d9748d73d74821c9c9076205bcbadd621c9c59f2ab64dee1396dbfcaaad088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0396a6654a3631b95790736b355cbfb8
SHA1 7a90bd13647324f84a30c36dc7c194fd5b1faeaf
SHA256 bd1650a0a4cbbe33a07a9c1af87f9788d9d9421d62763b0a53774afc6cefa563
SHA512 de4ce9179787fe78d9258fad888c618a0cfc50179ceed700d4cadf133725fb83a57bb8c3c06d81734ffe595aa209fe703a64c14c24dea0534b5e41ce657645a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2a1fac5189532d5637f96bc17b511587
SHA1 bf1558fd4ab8bf48fafaa4bc1be885dcf1ef760a
SHA256 07eb2a6405c55d16c6d4fd124ec2d2fa4e6643e49e1c4392131f8fa71ecb5960
SHA512 4f7e1e150a01a427d8d3a0d22d562c9083d8f2ccf59d0fe6257094352ec8185f47c2dfd120a7951d4cbd14494fa7c70b64b0a78c654d12a9746177769e6a1b6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d913ebed910e5533e8d236d3e2b7fd88
SHA1 fb417b2c0b0b2aca0175d48c98ae03a47af4fb4c
SHA256 3eee47e4967bf1c9fb46b6da7daab327e5faa3adc2df32cea360935cb1f07b3a
SHA512 7f4130a492ce2842137a0b4cfa0747d07c0a385ed4d2518d5abcb1afa9fdc61aa2b04e87c5f46f88b7d4ba58a297691f6bdff3aba625eadce8e6574cdf496bf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d67d7599f9b438f01faa043bda5e539d
SHA1 7d156621702514dd7efbcdae6291c4a1b663b64c
SHA256 eea3bc4446417af5205e672798d89e9c9baf0206f61f006d1d3cab6c96c9b8a3
SHA512 c79c29b6d65952337b72c404db3ffcc77d92e81cd0f99e8badcbc36640641e31deb113b695aa9d36bda189477758c5da28c71f2fd62e8b839cdacc9bd750de84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae3f4ff8fa401d8c481cff1d9f2959e2
SHA1 8cf616daadb8b489fff43ff5f8825d8f2eedebf7
SHA256 22916a20e89bbee96bafa4fe997d76227f6aa386651d14f0e7d2d9636698bd1e
SHA512 e1133a410dbeb3b94849082b580e771d18bccb60f1478e2dc6c9578e0541da6728be627d0d7fd26e001b74aa9718536f9afd0832a376c817565c8e135a69dfec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 993d12192a484db5bb6103c7e84c55e0
SHA1 d59fc420ca238f214136eb17d9efc9c52e9c4a06
SHA256 5f46bf424ca16a7d0e7a7af47068c64cc6269e71662c74bfd824b5d5442b1cf9
SHA512 7a7985598c547f939d590cdf875d773c222e18bfa8f1fa5736de0ebf5a5b161c8667978bd955b229ec74777d203096db251cde943a378b895350cbb88d590133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3b10477948b6ce3239bcac560a57a3c0
SHA1 ed0e9e54849f2b0403cebb2768167ff9cfa35c0c
SHA256 fc9dca8d10ef3dd17c614ee3ce8aab7f9961183b2e60618a60aa8b4607b6ad43
SHA512 cfe707b92140748146543518707beb469cfa967c5c58e26045e5eb51404dbc6cfdfb5df1adb05fcf9545a91b7e8bba4ba6291276484611a41e48a2bd2d9860ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c4a0c42fbf3db43567092152a8d2e6d4
SHA1 4ff6748b6b737d1d236c6f972614054345b9a0a0
SHA256 56d0935cdf8c753c8bf110d5ce0756b20f0634c8de92d127f22ed3a3ecd6ae82
SHA512 4fab801ddd980b36bb10e62b3085b10fbca8b63f6466c8de1ebf1e949675d55043b3ebb2d1f4aac905a2b2c8e0f66c95bfb59a08528ade427846e5f48c950bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 95b9182e2d790c39d34a80b72e2d6455
SHA1 45c9a65d084eeeee0d27e794729219fda0f3b294
SHA256 114f1bc7f7cd65229ffed8347a92e83b672f4885551ad2db9a46253384e017a9
SHA512 f3e943130eb0bfd42cf7c6cdb1ad2a18382a3b199b30c228225292d2a2e9298c5c60d549182eb8360f604d180c99a55fad1818b5766b6acb8e8ab023f7a095b0