Malware Analysis Report

2024-11-16 15:51

Sample ID 240208-b1brgadedn
Target 5bb2d0c9ee6a86afb4169f89f6b9216a.bin
SHA256 7a4319b13c5814fa1a1cda2fac178b2c817c10f2a607afe119247ae4114a9dd5
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7a4319b13c5814fa1a1cda2fac178b2c817c10f2a607afe119247ae4114a9dd5

Threat Level: Known bad

The file 5bb2d0c9ee6a86afb4169f89f6b9216a.bin was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 01:36

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 01:36

Reported

2024-02-08 01:38

Platform

win7-20231129-en

Max time kernel

52s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75577E41-C622-11EE-A68A-46FC6C3D459E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75551CE1-C622-11EE-A68A-46FC6C3D459E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2372 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2688 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2688 wrote to memory of 2612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2780 wrote to memory of 2272 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2780 wrote to memory of 2272 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2780 wrote to memory of 2272 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2780 wrote to memory of 2272 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 784 wrote to memory of 2500 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 784 wrote to memory of 2500 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 784 wrote to memory of 2500 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 784 wrote to memory of 2500 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2372 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2860 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2860 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2860 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1560 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1560 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1560 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1756 wrote to memory of 1348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1756 wrote to memory of 1348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1756 wrote to memory of 1348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2160 wrote to memory of 1916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2372 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6759758,0x7fef6759768,0x7fef6759778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6759758,0x7fef6759768,0x7fef6759778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6759758,0x7fef6759768,0x7fef6759778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.0.1107764177\1906016120" -parentBuildID 20221007134813 -prefsHandle 1256 -prefMapHandle 1136 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8214a359-cc39-4242-9cd7-132162f6f1c7} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 1332 105db158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.1.1072431312\1028871874" -parentBuildID 20221007134813 -prefsHandle 1548 -prefMapHandle 1544 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60e69d60-f144-49d8-a6ed-8a7543dde010} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 1560 f3eb258 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1316,i,14123530714947788074,13170105651190155609,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1364,i,16954274084391363786,8039196841556436798,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.2.1091831664\1110476948" -childID 1 -isForBrowser -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95f97923-03b0-4879-85fc-54918b89e949} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 2480 1a547e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2336 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1316,i,14123530714947788074,13170105651190155609,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1364,i,16954274084391363786,8039196841556436798,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2616 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.3.779240603\731291039" -childID 2 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 21605 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb50615a-24ed-4f9c-840e-617c7a6ef520} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 2812 1aed3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.4.398479713\430399868" -childID 3 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 21605 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cffcf75-4e20-4ae8-af4d-d7ebb4fb9e8e} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 2908 1bba7a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.5.1799760049\1838885957" -childID 4 -isForBrowser -prefsHandle 3036 -prefMapHandle 3040 -prefsLen 21605 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8721174f-0df7-403b-ac86-e18c20b1a1d2} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 3028 1bba6558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3352 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1168 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.6.1694276967\65338829" -childID 5 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26083 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f550aa4-10bd-43da-8586-f3507ba38dcc} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 3536 1d199658 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2108 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.7.390393180\404469046" -childID 6 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26352 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0123a3fa-f41b-4591-8b14-d67994156beb} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4068 1f32ff58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3740 --field-trial-handle=1328,i,15235166461903399578,5863993122915834593,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.9.1570368787\1469844368" -childID 8 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 26352 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {829ec359-67e3-435c-8196-e58f7b2355c8} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4312 2002d158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.8.1656825469\1710160326" -childID 7 -isForBrowser -prefsHandle 4188 -prefMapHandle 4192 -prefsLen 26352 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f855cdaf-c73f-43a3-9b90-dd66c2524499} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4180 2002ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.10.1570362397\1091677045" -childID 9 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26387 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e8b99d-5104-437d-a5c7-1da48170629e} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4564 1cda7158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.11.822844118\1994649072" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2056 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd3040f1-871a-4a48-930a-ed45a0f5a1de} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 3840 1ae38e58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.12.7000540\2105085491" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 1232 -prefMapHandle 1228 -prefsLen 26546 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc08a44-dea5-430b-ba10-f9cc601e96ec} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4684 1ae3a658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1836.13.461046956\376887782" -childID 10 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26546 -prefMapSize 233275 -jsInitHandle 560 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf366a60-41b0-4b0e-b9a2-4515b7fe516c} 1836 "\\.\pipe\gecko-crash-server-pipe.1836" 4984 1d7c2258 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.149:80 www.bing.com tcp
GB 92.123.128.149:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
GB 92.123.128.161:80 www.bing.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 54.148.110.228:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 52.24.144.241:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 216.58.204.86:443 i.ytimg.com udp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com udp
N/A 127.0.0.1:50279 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 34.120.158.37:443 tracking-protection.prod.mozaws.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:50287 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp

Files

memory/2372-0-0x00000000007A0000-0x00000000007A1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7559DFA1-C622-11EE-A68A-46FC6C3D459E}.dat

MD5 c1ce66722a94db4b4464bdde5429cef3
SHA1 f9d49440ac11c1061b78cc2077ad253e67904aae
SHA256 5d2078fddda882834f30453240662c23918cb6edd712e489b922cd0c24554736
SHA512 54fdfb1ce687cac062b161326ee59005942a8823a32cdbeb5e739688e91e86cf0997cabca73fae956aa282b76250fb459013b0397b4d7f4bbf3321b27c2aa181

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7559DFA1-C622-11EE-A68A-46FC6C3D459E}.dat

MD5 43576e12d11bc1390cc0baaca2c50adc
SHA1 e6afaa009741072c777c2f8e2bbf5c4a0309f8dc
SHA256 cf3fc3bd0e6f14f908dd936fb9851bb39ed6d48370dc32b3ce09933eb671602e
SHA512 f1d6cd2d52339cf8d6ca1bb1e852abfe559fc7515238e5a96a507e214c930ed339d9982fe46c7e773567f90629441b2e7569032bbe52817d13ff518d74f6a01d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75551CE1-C622-11EE-A68A-46FC6C3D459E}.dat

MD5 8bfd93f8f9255fa8b61a998e272a5fad
SHA1 796a75756b034cc537595613e3cb1ab3f59871dc
SHA256 2103eb97ab6e09f9e740c822009a55e62e86806b792f51d38f5ed9a66d997861
SHA512 a98ace5795c88f9f1cf89fc2e09818d863dd8a452487759aa9c9a6889914c8fc099fb58702b95d8ea70bb36711525f96fbb0126b7fe804e7b892da515b60f60c

C:\Users\Admin\AppData\Local\Temp\Cab1249.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18987434b4c36fe3d17f0cb0785524df
SHA1 2aea6e45cb67fef13b790e598aa2453d88d98fca
SHA256 c5e6de89ef0bf9bc209e16629f98be407c460ab8b191dd4ef08ebff350dfdbf9
SHA512 a0fcd2a54b6cd3947d98eb49abd1a3476fa1c577d479a0d6054a692deeaeffd5041c50778c12984baffb057f259ee83c5bff7d8a4c93f4b2b7875fe70e83d478

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 a3658b213dfd919f4bf0c36fe1486691
SHA1 2c6404ecbe4155bd791afe338737d39b67ed9662
SHA256 05d3a7459f05141a7ec1787573980bd34afdc318bf42552526423c7e61454730
SHA512 43a6a78430aa9bafa9e1491283d68388bee6779926f9d06291a75324adf24ff9342abfe3dd97ff36cfec2ba4fccc3a0dddabfabb720ce06134076293ccb1bc21

C:\Users\Admin\AppData\Local\Temp\Tar1345.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 24f906180a33ee773fbe65d01c68c3dc
SHA1 32d57980f3930d10bb670a37c2f585db2c6a686f
SHA256 a4219338bda8ea6eb118d880290388f2290a77a4013767aa56b6f19cde2f1675
SHA512 1c36b23c57316b06894b86195af8b643fb83a27e1e967e68ddf809fb5051c5a973747f3f8580914fb65e85910d7dc49ecae1eb96dc949cd28886f13729296a59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9c20aa0cd0526967d633e3c68b10f921
SHA1 510e9689fb70179ad620b2e06ea55377cf6e1773
SHA256 bf6adbb332194422eab038bc36c944548288e2f07a70857edfbf1e1e25f5302d
SHA512 fb72c8d367ce79c07448ca534717207a4d7451c03ccb68dea8dcbfd655fcdb6045bbba343edf5b87103662143ba9b1cd26c917b83a1081cad779b34ad8041442

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 588a8ce460cb3d79888b066b0733d42e
SHA1 a008152899a74f16bd50b5aaead83a95ce958e5f
SHA256 fafcd4a9485e81da16f4c902487a81e292a1d193bfda6d2fc52e29eb6e065514
SHA512 bfdbdba5afb0849bf3d58ebd8e09204f1fb53fd0b50c2e0183ed7e8c8862a5d7f15d71c9b42c0482cdb22a5c99a4de18b31baadf2fe7568d5d9c62ae6d301b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88fd05bfcf6cf299f91cf63669da65e5
SHA1 b5f7fb61b9b6fd7c52d5fb27fcfc8f77c916dfcd
SHA256 beb382c3cb8937d5873b7966f39cae92a9ea2f02842ad5322cf9001ee16ea32c
SHA512 a35b32c094e3bea22d6a7abc50d0748be398b97edea4aac1265a0cbad0d2a099fd01f22c51dbd0082d017d3e1b814325bf42d1501689ce925b5e247b172310e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4180941c920a96381a1b4eef1ddafbc7
SHA1 1a197c9a5b9e943bee5dfbb9783dd3537e2f685e
SHA256 0ee4ed9472f34a8cc9ed2e801dea1138fe1b8c9f651af1576abd1855d8bc89f0
SHA512 e3ec15e1bb89fdc814958a6bbe81ab1b74554f2a15b40dff07574db1a2d7c976d9d25154632c5b11d1f69c72da88bd1c42b395a23ebd2c16a3db62bf27fba416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 08673f892ba5efbbf6ba870c4c805740
SHA1 f5f192fc66b636574c6e9e332235cd30b33e1f4e
SHA256 25e092e6148888e8cf2534884b8bef30c5fe535a840a797ca8ea0ed1f14a070f
SHA512 776f4c16be802bd579e938c56b9c61decfe83b86fdb066019aa931f8b3381234af0aa7089af950ee3fc46c7fa2e940ffd4e7b8566a449e5cee9cdf46508977ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 267f3fbb231876ea1b3de1b8aaea1917
SHA1 df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA256 5157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512 dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0eedef8323deb1cce1eded828fbd2615
SHA1 dc7cfecc78367e6bfcc231e699b5f93f59a3f0fa
SHA256 70b7a1adf6b7a22ba82177d8482d41f58b368e6fbcac45fe31c77ebc2f355468
SHA512 1a5907b35ea3ba570d9789390c6aa6c9b66dabb330a8be6cbff5d68e10f5a6810f88495b86baa0be811fec24b303f36fe23441bde86692467707cd2c77e1c7a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9ec7272a4fdc8b8d8d5dd70ab060a84
SHA1 3ec85c413a4be6bbea2678b33d8b9802b3927001
SHA256 e07584122d21378715378991eb7efc0e916f67d509106e7a5afe6e10966c3763
SHA512 e4466aa930c743ff7bd70cefcc7fea0179936ac71d6c269e6bfee3cc8f5e67743de8b4949e06647b99e97399597df80563e12f41687c71e0ca1df2eef22eb770

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 394281550f5bbc073c1cc143e1da4b9d
SHA1 8bc43835996acb309b879d03e6905b72d471295a
SHA256 edcd672af00d983218d94ca109a5861b23e2dfe1c081d4cf5e6803f4e66d1de6
SHA512 f820a2419d293be9f40bc0740edfd9f75fc2596a2b07f02e49e84321fa9b5d78b7b375f12037f799c1ee7aabdb1d573e9d82a657c130c2d05c763c61af797640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 8b0a5793aad55957c0938d54104adcef
SHA1 34c682eb2c760cd520c7f3a311cb0d3ee74168c9
SHA256 da6c1a9d837e9316ab59df893953faa4087cd052768751c0fe9bcdff7b0cb23a
SHA512 e2e302b47abfb7681c8c4ec88ffb2e52dee0cbee6ad387df1eceaa65b630b5dca194d4cac61e5720e8184f8e24c8046acb3df85c28248be3e4ebdea292e8d480

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIJDZA66\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 2b0f5e9c9fa9e5589a03cfab8eba436b
SHA1 344485cbd8b13348ddee2a377ed6741401b331e3
SHA256 9dd9a6e9db21b3da3158029644b818a1ba92bfcee2d5ed85c9a80e1faf8da836
SHA512 26ed423232a5d462a3889e2831a9c10bd473733497343f5c147a616414fe55e427ffc88da757f35ae0c62178a2fe1a3be063cfb17d7fe6b09b19dac98b621046

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6CBAB5D\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 d19e04111c480110493b4804ea7c01a3
SHA1 089374a08ce9164d282605f9efb99b53d28431e5
SHA256 dba82f7662b023301d724ca964971c2f70daa9af24d1d909f21f806cf260da6a
SHA512 a79ed3631ecb6c7e7b1640dd49705a1f2e1ef4e5cb221e65731f95f0da43f22953db819a747b4f0c90723fa4254303e181e6c2ca0a66e9dfb0d7912c0d603e23

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFQ3DFF6\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 a26c434d9fedc8260ddadf3d53740bac
SHA1 9261aac4464d6052f70788ceb54488a763ebbfb1
SHA256 da3d412d15c93c74222449c601cc74068f1533bd7e90c7c427f0890668fde1e5
SHA512 8b4cf51428e4d25f6b120962ec592f59f0aba8090b3e57dd78206005b6697ed26a481e1f44d75b7e92fd2a442f41253d80fa9413ede5bb7bac60f92353b4a2db

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QREZNOEL\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3NK6Z192.txt

MD5 7c2b0f068f7d6f5143b234a4b1e64bbc
SHA1 bc18c0d1116fcaa79499db3e51a0c0e45f481006
SHA256 42b448fc3a527218c4d8f9f94d1a694288937928c1418bf0511b7dae920cc871
SHA512 4fc4926ec8540fdd85278f654dccdf5847f7605afc99eac9883ccf73c1c530360af5d71bd58ae0dd6754b719cf7cb7655c340a6b5ab7379986c49acf9ce4e622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 9fa9af89b3b5d0dcabf1b2d2853f0132
SHA1 5566e70f3336a90943cc964fe9d3e819deb43641
SHA256 78ff642df5801151fb3a5ebc3a593cdc6fcdf2782b118718e817503334ec6fd8
SHA512 2e47caae48427d27492a3e617528cb7abee68ed27727ddbadd7f8de6bf4faef85679b6ab037d25d8ed1bcc13cf1c903a092b885222f25d23293106490828576f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75312626e6aca4b34edc8bfca265be67
SHA1 cd65ea14bfa26396abdb72396742c9f6dcc956dc
SHA256 2348a345631d620bf758b4c71e56ccf3a71d29748654913deaed50b0f512de19
SHA512 312a55d9e0566e9b865c2a0c3f746d8f88db3abf29a4a1e5e17490cc0790a4780c80bc373c76dc5b9e55f944f24272b39287e2c67886a1e805d4d8d0137ab574

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59fbcfc2ab68d4a8fbaf95963aa1b38a
SHA1 5e2c1d610a0c989d41129130054bab176624354a
SHA256 c10fd568ff090614dc4a206d6ae370ff9da9dd39c36b6a92b3af4af0a1a94643
SHA512 cef307c7048255234460ee229828fa4ff673e6b3b7a571706d31b40baa005306f3b79be69dc0d62dd98827a212d5982006c6bd4c4d08db758e321300dbedb3ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6385361b2d01244f1b45e3d9ef426e6
SHA1 ebb3a40d8dcd6a24c2cc79944a63695f4285da5c
SHA256 a1c8b3d75b46a5c7c0a3e636e1efff74cf81335e63591a3c9c1458a0c7a4e6f2
SHA512 57403b73f2734ccb690034f66c899eeb2c87fa4ed815f6356ee6fba229090a121416df1cbf050efb923d33a4de0eb8f35dfd21034b963adb268b2edf5d66c126

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ae48cd5423e6dac047a2a99e1b4bdd0
SHA1 0ec802b778bd6948c2c4cfc80583f996334346f7
SHA256 6d83f42f8e5f66ece0cdd7c962a867d2d4541f0036ecee8df5e9e968424974b0
SHA512 6d7b4685b34bbf48abb51e746b1ffd841771223cf208ef37811c800681c61734485102788e5cba0e4c183a3a1e37e34b58dc81793ff2db7e3b3b35f87c753167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1db20e7c2f09eae95beca82007175e2b
SHA1 8bed87cf0c755729f2f9d90a95ab9edfa68ecc7f
SHA256 51f015eac2446a40af7e8cbc9e36c1aa69ae6c1dc07e6a0c465099c1e57db580
SHA512 ece026f49df3678f86c654dc614263bf164044e43bddaabf27f52b210c25fc425b11dcea12d3631b703825923518e9770802f4418491617fd2392f8e4e25b191

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 85454aae7d68fb8541729e87c389a67d
SHA1 cc4dd8a8676e6e25277d3681957d9ef550de1620
SHA256 355fb7f1e1d79e99833aad15656018b9451a7eb7a031b06eafa21412685bc6a9
SHA512 c50c2e8e7f65253d5f0b7a0f066a77825376544edd6621a75b5911de7c3bac2448a2a98cd14b4ab581b7c9ef1021f27229f12e09ed49fc8ef876a7ebc7465dee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e631973bd1e861625a15458d22ba3c26
SHA1 9b7acc5156647dfc8f247f137094feb3c6b0f9a1
SHA256 7b6a98639dd23b700a0c1ceff355202658b488b6034fa2ea182dc6fd0383e125
SHA512 13c7fcb8d06f5ea550614a030964f06bac7ce01c85a5eff75f045d178f27b83fe10142791ea2a79222b88f209d3648963d5a12b4927bfeb46d77e90700813f78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32d9619d5c34dff24eff5fe4996a456e
SHA1 f1112913c454617beab359081de57d25e84be76e
SHA256 5d35776991f5ccda7c5a3410c6891feea8d05870ebb003c854384613d5b01b44
SHA512 fd07e5b0fe3337cfc35ebd1773976036223050f7a65fda47f87bd6bd9a9a1f2c33565540c18953513812392476a8e5fe2f50f538b6b4441b7ad602775e4eddc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fa2e0cc20dba4d08d2a34f4f6cdd1f9
SHA1 7ad6b1c332d60d9613f6dca23c1e2e449b8eb6f2
SHA256 fb064779eef029560e2f3ed75d9225cc1be152982004c4b3b9aa33b1a6ee5fcd
SHA512 e411c9f6210e486468321f29139eec0647f888fb55674782c603ab69f2baa0778a6ea5f2c41525864af11125e5c1d7a97139b52cc564c5488be8604a0413154a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0203f83e49886ff929cd2eee58543b38
SHA1 d465f3934b3a997dd145475ae5e43223a41de2c0
SHA256 68e979adee0279499179a1b428c417b4d35099ba81abd9fffa682401bb52b633
SHA512 c87a673df4d9e5b1b9bba20025ae81c75b6cc448d6c671673ec1c30ee66ceb7e60a69965285d21484d40e684030f622fd2e001d3f26add696ff40679847deb41

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2372-1007-0x00000000007A0000-0x00000000007A1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1560_HIYFLPUOVFERBUZH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf7677ee.TMP

MD5 0b4f8287e9cbd03366448251400c5db2
SHA1 cdf321e2b8a32f81e1fd891be581b63670b16cd1
SHA256 8954f1c7f0ec42ed38ba1b6ce056f18bf04ab43ca3c335218c9f80b75054ed4c
SHA512 41d1f05ec30678446b083a77c7852967c4c4d41ad1cfb8c963276b840b885f410fb78e7a37e16955b090f20656c3f7e5fba6b965c7a39b3c1353e2838f4bbd7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5551813a-da30-4af1-aede-33c1e8a552b5.tmp

MD5 4a81284d356e77a21ef089b2b70c1e34
SHA1 4daa2ef0955f74ccddcbcb38b857132f86f2598f
SHA256 9424050cfb6895e377d297e46fd094dd8417052fe0ceeb476f7665f1b9270d4c
SHA512 de12995f4cd02fc78acfd350fe0153c83903eb5bfa15b3bfaba43f4151f8bf73a3d085ccfe89553c3efb532366dfa6640c2ae5ad6971d4ea605d76016a395bcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 ea39479f4925be8c1101ff85475a922d
SHA1 6215b80c83b039a7fddcfd1cf5d051383ed2dcee
SHA256 6fd96aba4e18516c380769c6c8392b1e76db498f2bbf8a464bf334c5eb680874
SHA512 d0ebecaa13c76b8987794c96ec722c92026b725b1a60055ceab1c3d0de9d99c712d8bcce88d4408f4a77ac2a88d6e48ee4f315142c88cde4a7896b8dc379b364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf768a55.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0f034bd699de8528910745839afcb6aa
SHA1 cec37bd256f13f8071f2af6fce3079fe975e8455
SHA256 d90746e8d81e31e2a7395ec0d8338efc53d9de3815d679e18bc0c9e94cc7ac4a
SHA512 aaaa8faa1a9a4b01b69badb93365f1f67a7591774fd5636306caaaebf24d9ecdc6dad2a3fc9ea1a44ee62188ec93c852d3353a8401266807bb657c8e0f2503c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 f688fd2c0d7a3236c89a0c42bdea811d
SHA1 68a13cf6ff8e9fa46fddac7b6ad6794e9c0df8df
SHA256 50c8cf477bc96f44b1d28098a5ae1fbcbd13f9c712804454d698cb1248b142a0
SHA512 2e232125ce377f9411baf2f337e68a28d60feeec5d475382fe632fec45c7db6d0d17a7aab6d80d75bf1968a09373ec66683688398c3b7c90360899aa6cf37d28

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 4aaf3a2c28d168fdb5372badc770ce20
SHA1 1badbf0778bccd8e3c05ffd7adacbd82c2f4a4f9
SHA256 4064b65edbac6fc34ef442fdd12f1d8c6a96d5f69acfce25501906d74eea927b
SHA512 bb7092045373ef59264018a3e196cd406154b33cf9278b304ce627b1baab807ac769c22bcce1269543956218a24c2cb6772461aaa0181f265ce60ab7936e563f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\25950e6f-4bbc-4d29-85f7-53100cdf679b

MD5 ef1c2ff1b89f862ff213e1ff957283da
SHA1 35adc1f2898b528cfc9f46632b1653a3ff7bdeab
SHA256 b7f31741aa4be253b1d318cbfd6be86e06226427114952c51b3c3ecc48518d66
SHA512 643cd9c17377b3ec293401675d5e24ae0bdb5e9a294015ecdbb275b499f687af1a8d00722e169b7c84de980984813b2350f933dfb6f19fc3aaae18d24ff5c8e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 845b24fa827f5db9eabef591913ce259
SHA1 fed1a2eb3db92842fd46ec685740ad009dcf680b
SHA256 f494ae91bc2ab5380769865e392b24bef7555c527fd7bcc78944f5d6f6471047
SHA512 d420a245c82ece40b85481a029e705d252f1dafac9df343821f717394f6ea0606a970bfe78f974ab8af17211a293c49eec3c565c9bd6542f4b774c27c94ca792

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 d68e1293530dbb89d0c204dd01f2d0bb
SHA1 9a1744ec66569ebc0f1a09018ec2042435256a50
SHA256 431d8e19c20a780fd5b4533a8c22e94ed49bc340a4ff3d342a637fba6653c01d
SHA512 58ac369101e79c7a339612151f23f4371f22bdcab771b58e3d7357fa51fb5c7b39d9bf305809cbae4a85f88d8fa4454102b6e9080f571e26346b0738fd4e1677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c92843b27883f8e9518d9c272d4875e4
SHA1 f1d84ad5f4c52066749ed86216f3044d3647e06e
SHA256 8d7541412746fa82000739810c9882aa4f9a4e9cb4c14272492dae9ce3ef2977
SHA512 882af47d9fbd41c65a3132d31cf1176aa64d259324219045bebab1d8842f674c59744fb461b18707b9abbe62567022496dbb383d5d974c806f912b3d0b950499

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js

MD5 cbb36ca1d16ddd693f8b7dc182b4f9e7
SHA1 9cf17d44bd543168472bf45474c64bc638ebfe85
SHA256 13fd455887809a26f7a9bbff80216a2214f3edd5cbfef65b701c4a8772439b9b
SHA512 ca19fab16b3d1b30e0e3ed014592a8b9aa319c1ed0d7fb153f4c2ea4480aaf4efcc57eb64151b4f313d1d8287e2c558f7f6a0b6362cbe999c22d0d74d4714906

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 803127996fd8e49ef391533bf204fd8a
SHA1 4726df3c42dcda893f355fb9be5c750ff2c33e76
SHA256 953ff70c63c3ed8fcf5648b50b4204696e901bc6d64102a9f7b66539673fb76a
SHA512 d9e77125838015fb1642b00a8cd0466e502b9e6cf1ea62912388ce2ed445e63cbe5e23af0396220a5b5f6cffcca155b9feccc8f6622e015dba51eba6aa48b3cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{21db0d84-d022-49b8-ae94-78f843283759}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\idb\4113479960yCt7-%iCt7-%r6edsap6o.sqlite

MD5 e5371fd14028601545de7299b266118b
SHA1 014aeb676b7f23bc281377a0fd690791ee522766
SHA256 765c99c79b1671b3d765e6a11feb3dc13ee2cf09b1d34cb54027ee7ff228f99a
SHA512 1e0be63d7d47776f2bf082b24c1781530733daff17f8df85227eb2e7fc983316ad60de66178a1a087fd9ca715faa338e2cd004bb80b3faa122c0a6365a062891

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a3095e8a5ce713860b5fe87fb838eaad
SHA1 b33b33cbcbbc0f595f2185f416f70805bd118d7d
SHA256 a99a191992617ef62ccffb7dac65ee43fb824eb599981d09d00aa20a423f7aa5
SHA512 8d509c4a41782ff93b00587d0090795c99c33f3912f032bec0b5847678aebb9e21fdf0dfd020d713dd0aa4828b115e70ce70716e3e588f8c6f3cfa42ab84a430

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 708c96f0d7992985e4f9cd2c3d578cb9
SHA1 9bd576243a3170591883fd0ecef408f73ef76296
SHA256 cb46a2c3ba863d402df37cec3375906f85f0eda8158d5f1a302f97ca082908a4
SHA512 8ea5de572f634e67212a350eafade89fb0dc4d8c9388216ee13b7f3e1dabe892e8f0138e5409bbedae632e0fac6eea1a5b0d229774ca255b60deb402b3245ec0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4694f6558705a35fcb17e2a9fec448fa
SHA1 8911d239c0ba701bbfb521ee7e21ae00a0db12ca
SHA256 bcda85d59d77590a6863de28133125e8e94fe6677bd3d367ecfc3f4540dbcd10
SHA512 10a5fbd29b05e64bb744f78f68cc4d1f3be9f8084ca3c4539e3c8e1a7be06b123809ee84dff65c0071bb61692861b643a255490a585565a5299459638aebf5e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 778e9633b19dc5886baf1d85b0c61f23
SHA1 a78b4999c17a89e9a10b798af5f82b3e39016130
SHA256 36e18a6205aaabb01a34d3599cf8522ccd6af330bef72e4b3e4eaf02944fdcdd
SHA512 e88197dd39949685144aa0b82fe29ee406db8ad2ef0d0333b8f98bb1f9d167427873453d722891a97b1f40f5ddccb60a9ed22366f08baba75868488f635e314b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36a34681635dd1215f620d0e38d8915f
SHA1 bb58e4cf229e78fef9d3dd650637b4f3cff503dc
SHA256 5d00b1ce91e648535b97d22507ca70005923b08530ba84e6228273ef2963270a
SHA512 c9ea4f4fae358a6261b34c89e720220f1458639dcf2cb722c408dc8ea0bcd90fc4aae58e2f129582e69a21d10d4554ae7e01a7692797c924958cc72944c616e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da0891d282a6835eb6d4bd7e87c6fa5e
SHA1 17a1ad00ff370b37214f53edf0161bdb8b5b87f4
SHA256 53260c151168c430476c8d06744de2ddbc3d35b584f7a7da594e15571ed0185e
SHA512 5882255ab21a43e029be56053187171a99f956bcfd3df784240ef8a893da3cdd672e93cc0e402b418d61f6776b8eab5f4e75e71eabb1bfcb2c34c94d0f24e22d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f0a5f2aa0ea9f8fcfdb3fbdb02c188c
SHA1 dd8c2106093e3a328a44bd5e350f92f174fcae29
SHA256 422807bcddc7abc049f9e1c17c7bd4a940d5170322abbf1e50184ea31decb799
SHA512 4858e0a0afb81bb374c900f373fec8c45e82829c80b50164bdf48fd63376063feee8f262c133349fd444599153fc1186a1d803d55f33f3009bb5fe16a351a18c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfc0c2c34e6425649c39f0a3abe29955
SHA1 036fa2e2d301396d6651f19608d1dafe8840c071
SHA256 29fa35318e8b0732db1146e2ccb17d323ad39ce9aaa0770828383e54e8e10674
SHA512 fa40afc7fb938219f5c63bd032b6c97d36fe6eb7b57f52944f9654225d08d3ad03123a7704f890b31fc53d5815a5f286aa5e1733eacd552827c5b1fdd530220b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 165e36cc86d908a47ced403fda90073f
SHA1 5de57db7c1193127a9c2ba4e2e110e3fc27cb20c
SHA256 98525bc0eaea32aad2e82578704b6e00565a1d1546d9f2543502de1a1fca53a2
SHA512 a7c1df313e760ac14e72be17b410805598109f27201b4babbd3cb63a3660bed05501d17b73c0f7bf1022572538f19d46031e211a427533ce8f775698cea96377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11b4db7714299681ae8e4dd9d5d118af
SHA1 992480ce834685983323bff80e9b2aa8e7e6c730
SHA256 c9950c93eb1c5b575783a6dad44946c5c1706ae42281b50fb51b3dae1a10f2e3
SHA512 69dbb98845a5bd9cc574d068b0714538904e50299e3ffff75ecab2a4ec0090c285f69500c167d57ed99baf9a7eb929c412d56743a7fb594860615005c18780a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 055b5aa8d48a90b11f229ad1b9fb4fa2
SHA1 5b694fdd6ad6ad347b46411a7419269e6b63c37e
SHA256 7e0f5dc23b7999841746d6de073f34ad50c0b9e3d962b852bd511f5d35d44c45
SHA512 59a0910201968baf6e9b72130df778392f2b95b4653f6e5ec300a2e11dfcfe4e25abf577d531c11621d59e7aab174bc7ef159d3e0dc93edcdba48e3b0a711bda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b29afe2feefb9f279270d2c58351bfc
SHA1 e7701aec3a223beff48d784bf78975884728a2f9
SHA256 286664586c00e6c5e1bd157106428eb878503a8b4921069dc6ebefb20b6367dc
SHA512 18c805ff04839fb1a079a1446adc01b05453dc99fa4997e0ac6b6aa74a371dd290a0db6f6342b28243fc6a968d5403e669cd4bf43624df76a0cc9cef2655613f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f17ccc8605bb688f3d93957a4824293b
SHA1 b8034285f6dd1cbd52b58f216abda1460acb0e4b
SHA256 2f131a39613f9f2a62e089666ca0db4b43ad8da8655d1beda29dfda9ec8f4ea4
SHA512 7722b35bb1ec29d797d8dfc549fefc1246e369866264c0305572fd0564878182bdd2c4f09dbe160a9b0015043e56b1e968f9e6d29ce9da33ab12a5a4be27ec4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10cbd78757625f68594cf378f1c1e4c0
SHA1 e9b1baed32c8eda34d82d3cdf862ab810ec20c68
SHA256 3b7d829c74a9c89433f10357a968286ace61364eb7bd35f0b0cca8cc0e63e9b9
SHA512 e08c8470acba256201f4422568ec37bea736d3e50bc26cc9923c81ebb4cee54aee8f4eba82e0a9b0cc2c60f5576eda56bb2fe54602e18ad0ef0cc9fc299b75f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3878afb1-1a17-48ed-b3a6-74bacfef195a.tmp

MD5 19b8c5f5be27813cd45588e4c605679d
SHA1 646b2e5f705a955b072d62c2ee66cd82eeab978a
SHA256 8debc3f6f38999e3f04524fc4da483d1b0652799020a4bba93703394f9847e0c
SHA512 086db1b4a741717c6463b1447d8e305fad50828e81aeaab0b6f72e72814d7f9e6777d894ecef129a9dbdc8ee66f201012c27f32f430bc77b1ad09af538b1bb70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 436a9567a7a04cdca83d44a2028066ce
SHA1 51a6eac2d7b059d451f8cfea8cd5f008faaa9ae4
SHA256 2aab0abb3b02701bef3a15363a37ef813e6aa07623f232fe1ae94669552efc19
SHA512 2e93d2590a871214d1515ade9a88fd3c1f3a933dcdf96e890ff6b7039f27ac24797c032694b557240a3dba318c073059705d519f355912b14c99e275f328cbce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cb27c0d50ed5d4df92bebb60f965f11a
SHA1 27c1066c919da8848ffc407847d6e126bd6bf3a5
SHA256 8d4c69197dac68b353adafce1b8b6c1dd2fd1ae60a8cb998e4c45250deb522fd
SHA512 b344f1b870a61960b0557ccaa25bb39b74cb0331d060259b01ed2d3b612f5e8a2bb0ab1f2cfa75c334d7396f3026fd3e18e19ad0bfb80225fd4b8b82c3e0e149

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 01:36

Reported

2024-02-08 01:38

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{992B1B65-1AFD-4AA8-8672-7080A7A1B762} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 760 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2080 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1212 wrote to memory of 1788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1212 wrote to memory of 1788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3764 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3764 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1632 wrote to memory of 1000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 1000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1324 wrote to memory of 940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1324 wrote to memory of 940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 4836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 224 wrote to memory of 4836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 760 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4784 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe

"C:\Users\Admin\AppData\Local\Temp\afe9422ffaf9a7efd82f0991b9511e63ac7f0796ed5fbc366f83a1df49c7fa7c.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x90,0x108,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7b3246f8,0x7fff7b324708,0x7fff7b324718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff7ac09758,0x7fff7ac09768,0x7fff7ac09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7ac09758,0x7fff7ac09768,0x7fff7ac09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7ac09758,0x7fff7ac09768,0x7fff7ac09778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13388217517765069387,5951738911900975446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13388217517765069387,5951738911900975446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,3272976408237931914,2023695986068285739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3227609373669277232,427322541585452975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16523088382694604939,3297520097974158163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.0.1638298445\161214430" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56922a94-a833-4323-9ab5-821dba5d8769} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 1904 17978106058 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15886334268768386627,2894630713689235398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.1.1087111811\487517783" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f99046ec-6bdb-4be1-ba2f-1e2f5ee4c544} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 2384 17976de3558 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.2.882068416\2043867635" -childID 1 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fcd6810-c4e5-4246-969b-c8860aa39414} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3296 1797aa20758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3996 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=2008,i,15698393410122433385,17940911486995315774,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2008,i,15698393410122433385,17940911486995315774,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2000,i,2110790805724675801,9266299203282099646,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=2000,i,2110790805724675801,9266299203282099646,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4844 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.3.1775491214\336743086" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3156 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {643e2f06-3aec-4444-ac27-193998bc1bde} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3612 1796a662858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.4.1801480340\1503472478" -childID 3 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {337710bc-1f4f-4a45-a7d4-2278e52473a7} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 3928 1796a62d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.5.1449668758\955500533" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 4540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {757a1ced-6940-439a-915d-9e44eb998734} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4552 1797c5c9f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.6.244046068\665723301" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff5feb2-0acf-4d2d-8fec-48806b3b48fd} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 5116 1797c5c7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.7.517150761\487198938" -childID 6 -isForBrowser -prefsHandle 5680 -prefMapHandle 5660 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e3ff1b-2ffb-4e02-83e7-6d08de0035f9} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 5688 1797ea5d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.8.1812757819\1020122809" -parentBuildID 20221007134813 -prefsHandle 5552 -prefMapHandle 5544 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c648b96e-ab79-4cf3-af70-60a34ce9e286} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 5812 1797ec2d758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.9.339290833\1812768870" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5804 -prefMapHandle 5812 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a280f55-8b4b-4d51-93be-816a8305781e} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 6012 1797ec2da58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.10.1436804135\1825883466" -childID 7 -isForBrowser -prefsHandle 6160 -prefMapHandle 6140 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2057636-700a-4d9c-abed-b959af55a77e} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 6200 1797edae258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.13.1951412585\1102005344" -childID 10 -isForBrowser -prefsHandle 4552 -prefMapHandle 4688 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54c1b9c-df18-4c14-bf1e-cb406b05dd95} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 6396 17979933758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.12.464174980\1293862464" -childID 9 -isForBrowser -prefsHandle 3996 -prefMapHandle 3984 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82cdb2de-776a-436f-9a8f-36ca7fd3cbc5} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 4020 17979932858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2112.11.373059461\886138720" -childID 8 -isForBrowser -prefsHandle 4576 -prefMapHandle 6544 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00be3621-f50f-4542-a7e1-cb96f313f109} 2112 "\\.\pipe\gecko-crash-server-pipe.2112" 5056 17979224b58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,2114318545298594190,9078106322244121857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 --field-trial-handle=2004,i,3595267037260993181,15867329379456699100,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 106.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
GB 142.250.187.238:443 youtube-ui.l.google.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 157.240.221.35:443 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
GB 163.70.147.35:443 facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 216.58.204.86:443 i.ytimg.com tcp
NL 52.142.223.178:80 tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
GB 216.58.204.86:443 i.ytimg.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
N/A 127.0.0.1:53638 tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
N/A 127.0.0.1:57587 tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-1gieen7e.gvt1.com udp
CH 74.125.173.169:443 r4---sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r4.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
CH 74.125.173.169:443 r4.sn-1gieen7e.gvt1.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 205.178.17.96.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
CH 216.58.215.227:443 beacons.gvt2.com tcp
CH 216.58.215.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 227.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 51ccd7d9a9392ebca4c1ae898d683d2f
SHA1 f4943c31cc7f0ca3078e57e0ebea424fbd9691c4
SHA256 e36c7d688cd7d187eacc4fc1ccdd2968de91cee60f15ecb0e0d874da07be7665
SHA512 e3773c19314c66f09c0f556ade29cd63d84cc778be64060a570eed8f6c7918b7d09d2694d9e2d379bdaecb4e20cb140749a8111ef267c67a620d64cb598e0619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7a5862a0ca86c0a4e8e0b30261858e1f
SHA1 ee490d28e155806d255e0f17be72509be750bf97
SHA256 92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b
SHA512 0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 062cc84c0218b55fdd1b19857d52cc59
SHA1 e25a3051e499e2269d9e2ea0f384eaa781d3ce24
SHA256 8fe2e20bb3cf656eff404cd69a740bdbeb2abde044ac1c802270c6bb349129f0
SHA512 bac28b92d9f095b08e6b68eadc1d11814faaf8f7ce24f8da404eac4127bbc560817492ce72a681192e80605d7feedfedf20543b0503840c33488d5728afd583b

\??\pipe\LOCAL\crashpad_4784_DEMHRYGEHYYDHVZT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06c5ed82216577f7b5140d7a63a79a02
SHA1 d1afd9a7529537696347573d2b770a20c831ce28
SHA256 7623c5533ae65b23682cde5415f20af9aca5d1d8ea16f84238d212d8de2b189f
SHA512 dbe9dc248d00778901bb23dd5a6e6fc0971b186be0916b4e20fcd82d555ac2e7846137fdf23128923422a10d96d416ff9168aa1ee64d5600d4afb55f8edeeb87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a1bf07f4b7d649375e56e2e89144c416
SHA1 d62762f2395467d799127ad3fb661acd920c9734
SHA256 235101c8ed76c23cdba914a5a56d1d1dd57d2bf6a5d765833937a5166bf063d4
SHA512 33a217fb17dedf3eebf34327bbbbc4e4b203a3a302a8a1cdb97ddffc7ead8fb041223f7ebe46f0413e5bc728333040f82bc630d7a88a3f09b1ba6dea88db0c32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ebf303fc8a868ad3568703169b3aeb5e
SHA1 69a90e98ccdd7641c607bd0d8724c8bab551fc39
SHA256 b1ad3389d51ee929b4d8175494b3dda786784d6656f2efc49fbfac2ae40bb7ba
SHA512 1935bca21db72b99726a4d7fb137e4c7ab5e4ebe5d66f60965d500d643804fde7a69143eae1c14c611d4108f444f8ea3fb965044baa3aaa454303f737593474c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 abfbd65fdadcc6df4a6e331ccc53b8ec
SHA1 1ccd294981b9599047b0a368c3ae1d3019af21f7
SHA256 10a1ee4517670fe5e640af8ee5d3b0c4c583003576eb981f9d00203b6a960f74
SHA512 685f8ccefd48b217f8e6a2955761bb8367c1b1b27b4fae3a95db68d3ff1f0030fec7fa45b77aa6f0cae44c522f44b06ea4085097439edca10db44490e2b6c3f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9059a640d98d4f91b2557db58ae6d194
SHA1 2962e756e1dd01b73b18813c96c706382a75912a
SHA256 f89178acd942d1212fd8e0a2050e211ed4439bc68e9d50bfe86959e461f5e745
SHA512 e05cc8c3ab21877292401c834ee3d8042d2a3f4191cfe11603a8d07cc2c8e15c3bfa72e0c79b2d6e87e06d083a489d48acd67f129098ae0e9beb093e4059fb48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7efd28027d6312d377fdf729e8f91763
SHA1 07773d347815f201c4376edb4e3087645220faf2
SHA256 1127ec87c9068dbe4e972fea76774f7ba3482f06bf4dc1297adb91d77de7114b
SHA512 e22f43efa5f55e77240d35ce078bdef0db2559a8896949d36e36882a62a259665d2d99087715850b1edc257dcdc59428033aa9779f954f55ca8d531fb8ca9e0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 59d4b0cba82ad778f4bd9cd97d008d1d
SHA1 0124aa24703a58fb35d52e3dd79bcf6d5183741a
SHA256 725c0c8ecac7e28a96470fe297a87db9bc55be6e47fe5873c80954293c728a40
SHA512 60e637fa27c1f581265dfd66f424e7fce6fd75318d5fac577a82e26e77946b32fcecf1cbf67fe660b2bf8972da11e49c8741ecbe24ab08573c7bbf2fe67f994e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 67d48596658ec528fa6b99f0aee6695f
SHA1 b976078c1bbfc2d2dd104df4578e7cfc6416ea1f
SHA256 f5736e08ef4dc5f6b2aeb8bd2b685d9d72127b57437347c512ef3718769fd447
SHA512 3e6a6a606c87e93ca1bbc7b9a87197c505325c28fc3454f27625326a5c00d23455a7d6886400484d6243cc9f7624f5af89c7031190269cc81dd8bf5049c9244e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 175fa306ff381ada6c26c4feaae70a2a
SHA1 db064893c7c5af64f6960fcd13ee1a66b42a38cf
SHA256 96119e7992e4df5c653ba51a2f8fdb7240d2474310548b836e4998a9bb7c72a6
SHA512 8993537a4ba51fcde9becd39ba99063c94936f39fb53fc764cc0f7e88b7a7f5b9e99b76b42204287062f9685f2df7543d7e7e141050423c21696971bdb7d2c5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d8f56fe9eeaf571e048edd80559e4b1c
SHA1 d99d2c8e124e118820f9fd74dab960fbf8398574
SHA256 2032b2d9a4d0146647f91e242a22c282ac46624fe56638c54451d34673b9e414
SHA512 bf877a757ea4ac2d2ed12022dfe70fa4c958c3fc1da2b41e6ef01d16600d52c3111a2c5e15e285249b2a49ceb6c777b0f9710b47a1a4e2e8bb9dfd1687a76cd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\786278c2-e571-43f2-a12b-8e06f4ae78df

MD5 23ae0d33b5255f656cfe691431a033ea
SHA1 0b66a57237116289b3b80dbcba4e0bb3a7b7d147
SHA256 9fa62ce5b0140b6de1c55dfdffd174840bd4c90e179a46c2e1269529bfb7c2fe
SHA512 98967a94cc4a810d66e2ec6968b2e84f025a524dcf1d07e3838e8335ada59af1c3cf04814c090a5ea24c030b3872145cba541860d3967d2209971c9fab574b1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\db\data.safe.bin

MD5 9097ea229aa22e397568d7aa45ab3f0d
SHA1 e8d0f9366e397196cb5d448410950b2278fa8797
SHA256 98d8f8c64c90ad46ac412354fca3fcbeebed30fb9ab72a2f72b8803565007d6d
SHA512 3e1ae19e2ca0c7c18b80bac262ebbb8e4a57d6d6985b8eb7f6632b544d642193bd8d1cf232f3753b44e02ac0377ff836c5eb5bba569b675b1695ec1fa58c9fbc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 02df51be6a58232d1e1a5e52a7ee3a59
SHA1 e60f831b84f519d0ab0c3d063aa096345a522e87
SHA256 5dd4ca9932059a1754b9875113036198ef83a9774c9b367ed9b27aa129bea26a
SHA512 2425c698f93e6cc9839c20242309cab9be26a424bf3d2d680cb18c4149b70072e07ea587de462966e54fb46aad8db458d0c015bc666f4b694bd193337277a009

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs.js

MD5 133bcaed263c6166c17e6362b04eb641
SHA1 6486b3fa1a587d7b0451ad684625f37bb06f112b
SHA256 b3fbab95dc047a77e38cc236016c0171d51f7eb8784c0bb714cfd88431201ef8
SHA512 03fd78a831b02d7cfdcc374ca14e9c776252be63e8ae2e364bb7343df251ce7f54ee4676410b40139145990f076072b4e3a04a74d30a0a770aadb7e7fa219123

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4214e009784d5144dbdca3ad7bac4cf2
SHA1 7db7879a154ef7cd943c9c8249f9c362aac25460
SHA256 055c6dbf0e53bf0bb243fa56c7a56e533151896f9a26ebc652cf040a1d70d15e
SHA512 2542bc6e3f365fb983e150ca097de43a03efbe030e3ac7be6fcb63c947e2b6ee1223249660f928197c9dc8e46a5b1ea38ed82ffb5c9e4adbc7c353bf3e3ba1e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d00796dba54d986a743f9567d21df5d
SHA1 a3883e577328d8e362011e857b2a803a2f87f923
SHA256 f2cdac337e653c3b94bbaa31ef7325adc3016869ec56402efb09308964ace77e
SHA512 1a65b0d8241e0ba4ea4c0fb17e4644438c9b6bcff080c6b152296cb6c4cd34740e3d4522d3d5ac8df7138d1c878329e96d28065878799ef67f2570dbdc731695

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs.js

MD5 eb51b1fbd817f598c53526d1e0b3df61
SHA1 a2636996745daf2402b05b1d9515472cea2071e6
SHA256 653b7f8f0b375e4e073d6a10ae2a9eacf52ad884316993202d686120e7c3bd99
SHA512 72cac1f854e175ba64564ea0571b8311e9bd8e7b9a59255aad96cf589f3b6459e71fb58b8ea845b9e456689fbc58c3192e6706509d34b9fa0774ebcddbf0be1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3c3db1592606110c81e92d022370154c
SHA1 ff319d5b95c8c4ebf4f10e292c316255d4935502
SHA256 76b98131b5124ce7611cffb85b2cf30c28943bc060e1bb87689c1848ace472ab
SHA512 2f40a72c05d745147d66e53112f295fd8ccbc7a8b29e60a072ac29c024bd08d51ac9dd0341e8df4b138592014f7bc293a6d57be5a480495170361db6f6216072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a6b47f94bff4f1d39b229ce2fb44ed35
SHA1 ed95a0aed76c95bef2b0968e106207d1f9c9e25f
SHA256 07d595e1d482a11aa37ff6ccafe5996e7c1a50bc02f6ff659bad32a2358a1920
SHA512 b98cf7aefff48f1544a8284aa6932a481898d78cda66ae96bb9ab0b78c1dbdb552005ffa09650eba72319cd1bedf362b00c7334248408adccbe553e1b0d39f64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 52826cef6409f67b78148b75e442b5ea
SHA1 a675db110aae767f5910511751cc3992cddcc393
SHA256 98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb
SHA512 f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\default\https+++www.youtube.com\cache\morgue\169\{13945b31-a48c-4265-907c-0975c9b611a9}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4971ff655db4d47cc39712193320fbb3
SHA1 3e3db777e59ca28351c3155dcaea15f0d74cd104
SHA256 8ce6a40487f0d2888ec863e41d9136f09c4fe3fd7e476abe71a8135a95145aa4
SHA512 d04d2f3facdd0ee06c262f5561cd9b38e0f1b50fa2d1188675d89ac3c694bb03c7d4d9fb4d0ec0c49ac55ebf1e2296627b44ed564865f51157e7cc6a55715c20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\default\https+++www.youtube.com\idb\3728217877yCt7-%iCt7-%rae3sbpfo.sqlite

MD5 0d627278a9c6d4a0efe29d707436910c
SHA1 68e8d41b0616ff5ce0fe1cb4e6179a93029c6bc7
SHA256 fcb206fdf3eee38de7c0a42f317c4153500a6975167199d5c0929e161da31759
SHA512 5f3e38bec3ada13b26497e5656d926010f63b7a15b45ccde63af6a75d313b6e420fc00cdc05315b1a435e90771eee418ac6ec086b91bd5554e1cb720514bd5ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fab0acfda72663a0e570547901c580e8
SHA1 98af9bc59fda74849b00fd13f052efd554536dac
SHA256 a85a1cc51973da1f5bd035bc403b4f94d686892c76d09023bf4c595bceb4943e
SHA512 13b49968de11d88a76ad824d05d9c4c8a7f679d8035a8e66a74f8c2ce0f62482aca7b4487b82bf76f2e0b3d42ce90acf2b4c3af8935d967a55a9cf3db02dc655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 85b2f70f7cca6ac183b1c48cb0198d98
SHA1 b9c226a60c83280f96ac76c3fcbfcb7547fbacf8
SHA256 c8cdeeebc42c8dd3140e12b64b94f1606d9960af22b6feaf834f4eadf8e1ea33
SHA512 79cb317cad7739b3f23988e3f430f8f9ebb4fb42a1fbb3c8672a835fd343c5588e6f912c2831909a1bf0729ddb2c820deed51d7dca050c303975230664570b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e4ef404dda1b3dbae958888674d5488a
SHA1 e646621774127847437dea2a8f063d4a73a566ce
SHA256 28b7c3ccc0fc455d808ace29c835e88625fda3f0132da98694a3c368679db2d6
SHA512 8e8971d5efbd8bf29321126bf68981af089b7bd2b57dca34226adcddbe463f03a2a51883a723594fac00de7e9e758e001f530763e9f3007a1b86fa7d344534b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 b0b439b7e0fda0d849a30b3e9fe5cdc0
SHA1 186bb36ea6aa4e966e536fff9df9a4c846addd79
SHA256 bad9c84267d924ac86be698bc10af250d433ff1855f8ca7f8f4efca2ef75594d
SHA512 8b5e4b3fabfb27e83c63a9b2c0e8eff431cd597714249fabe1ab6d3286955cba2b04adf48be76b72519fb08ffc36f840d53e53a1916c8cd20f9c618b47af40e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 2ba277bbbcc8715291613160a997cebd
SHA1 e64ee67165bbadd3b8bde989c3e5b1d2540cf09b
SHA256 00ffe000f78ae3c8c8d5557e3ab0089e29730ed10b2a190bd2b7a569812afd96
SHA512 c0f7840f181ad991c45ed1be0fcc0d90be100f8bbf36c54418ebe66f46d776652447eb5b7eaffbd2eb07c04455841d8e5d74f404eddf3c22daa34269d842435e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f56cd42c4fe3cfc3b4911999fd11fcfe
SHA1 06667b0c5052df8b9666009ff1f9d0098723f99b
SHA256 4169db8ed5d0b439f553034c3f43008db27220eba1b30cb8db32e1a99772a2d9
SHA512 0e64ccfaa4eaa2329083f6866b03b4274a7a4aa30d409ac50a50727b8a7bb361bcc7f25e0fad2f0393645ecb4fab16a65af441d6858f2f468d47cca408e449db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 d8e56edd91e6a8e254c9df3c3619f493
SHA1 e5bb299b458c95e5575da0a42ff7b49969b880b4
SHA256 8b598d7196aef8cb9eacf393e5b2520f5387f125552e1fefb6f373be30f64e97
SHA512 46d3bb6eeba235ed9e2621cf6bf89c10c78fbbee1bec31d59347532d9d242de4bb533911d0981d3c1af85a1d51226ca694ccbcef178adda1fb71e9634820027b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 57ae6558fd495a4c05692113c7315b1e
SHA1 edcf35929545ae68664779e0254b67e720e1a0b3
SHA256 fc01d1f63650df9b53e5ed7f8ad20f8ca46a194533f72ab431ce862d1f310b63
SHA512 51fe9f8eee096ecaec21a1b1ccc72ddefa178627cf8809daf12713c70edc075bd1b03f277a505b2357076a278afd11a4f853132d8fbae53361a36438fd8951f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 46f142e67520a5d85e9e35459211a46d
SHA1 35e2f736216cca983b3f52c84217d041cce55860
SHA256 5ce498b437b99d3380211cceb192d422ab6de982b6e21d7e91a5e2ec164b799d
SHA512 a8e7ed170fa6db1c285214c8dc1ce0aaa724ad57df0d4e54f55a5b41c274ff7c5be7abfee8f5b65c0b79c84df611185284b928e1ef87a26225c7d25a49ee87ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f92a3d6da522ff2ac18d1dc1ccbd0873
SHA1 7305cb6c0eb7e9dfe839f3fa7101ca3fe7941b65
SHA256 9865e105b11090d387b138f88ff95142354bb57d43bc32df8536248dd4a1fe63
SHA512 aa122525f92e893be3fd38df74ad258ff5913df021da23ce2cf25b438e493d3f3d6552d58bcba36b1fa6dd840749710574cbbb6ae668cb6e119c28545d68ad0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e148.TMP

MD5 a619e2cfd9958ca1a3a869af85ffb90b
SHA1 d9c71935f80c80f534621f8f5fc69c65b823dda7
SHA256 89fc9fa3c1c843267069b63e817caed57ef361774ac5e9fdfe596fdd419ab89e
SHA512 7378b5fb19f05b42106356cfa078caf7495065f0173c5620d2b7c27d916cb46650822af34df04ab5ce2506c4db7095c02860c62a8deae37d9b8afa8a39e46b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c12b405ad03647bd21c9ef8bccb6d573
SHA1 076d003e456659590fab28bace263394873c5aff
SHA256 b540af47c6abc507ac4f9e58449a7f416ebf143a5fb4b02aafbd7bf9041aef40
SHA512 c63f9ff62e901880549d7f5b24d7636b43a2e5f4bb48fdf2cf2835f3b630e3ac81d23bf9682086d4037977e1e8f144f8bdd3eea5975ca28c8b09da5093def055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 621714e5257f6d356c5926b13b8c2018
SHA1 95fbe9dcf1ae01e969d3178e2efd6df377f5f455
SHA256 b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800
SHA512 b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 01ef159c14690afd71c42942a75d5b2d
SHA1 a38b58196f3e8c111065deb17420a06b8ff8e70f
SHA256 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b
SHA512 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1612d97b775af5001fdb4fede3825b8c
SHA1 74916bae7bfd47438e34cca0b002e9fc504ce052
SHA256 88c3689b243b3b7b5c2610a265fa5c7a4eea16ea204f7e57dcd4420f0f792a40
SHA512 67f8e9404e45ea9e0fd7405ecf32ca2cb91daebb67ac450ec67d76b9cfe782f1df91e89e3cdb786b77e19f555a60313f4942727c5c78fe0bad2aa19770b0a05e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8da1504ca5bfd2c0a265e504d43cc097
SHA1 6e59bc31c727ee37044540f66501ab2c2d3d74e8
SHA256 1d4bb5a5d24170e8d0218c335817f6cb5ebe788a8829de49b859fb5834a0f9b9
SHA512 ceede6554f4b1f19d1d955884f5331e766a9d5b31d9ef865641367a5a72793bd88ecc36406fe146690de1eb42160a7eaa660521f53f3fef34e56cd68d9699576

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dfc43ce70baa6e54d5c1c895b4f848d9
SHA1 9baf604b59bf0cabec21d4212960cec7a99f37a4
SHA256 2eb6d175a4608de6880a4245dad523af5f6df817ba80eab4bd9b27ceeaffce52
SHA512 7b025ba411d3e80dc86980f5dfa30ce3d8851256f23d3c8cb0d6bfb29ba67a7fc6f09744a77b6ea11ac1c57b6abfdb8a696cd48198a85bd2ea518ec57846dd49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fd1592eb6374d71b0aba3ca7983f0245
SHA1 55268db994baf5200fb363086bcc22f436d749d0
SHA256 1fcb8f031750493b076c423ed7977905a23b86c6a66a5ff2ec8900bf698603d9
SHA512 85e07672ac27fa022ca5e91e82c15ca06a35c0df9b7caa18119c31d161fe96e6b4852105352e63443dfce07719667ef2be64c36980cd33bc73560f6735a0d1bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580b07.TMP

MD5 dae8c4f884569244f7c3f9c6f2ab2396
SHA1 f6b20785ed3ecf96742cacaaabd3c02e33e05ce4
SHA256 8502ae6b57c3c50c6d049d79611ef765ebdd325d1a905f60e7b4f106d7cf696e
SHA512 2eb22e879acba4679bac24a1dca278cba9c30c01eb384518c399d11022e83e1a7f8df115b526eff79f928f2366b9927659877751f636728e52b086cb30c98ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5ae8361b7b0ad01dc0f2662a6c400cac
SHA1 e25a6711cae825db93befe4d065d921b9d06d945
SHA256 9b118426588263d9e03e05ea1d6fe123f9f98a50e88c77572612abc6c9379d3e
SHA512 23e50ed77e0393078e5f0974f0fd2e23f2ba62ae34721d13da6495bacd5c95737fbb33956f8acd641485a721417ebb0e1c92a9a4dc92b800dc9e6eba5f31a358

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 38691affc476c65c757420a29c0750aa
SHA1 b790cb95222e385b32874e821bcc1f0a7ec20990
SHA256 e4847f5fa1872f5afe4786f24ac547fef8277ce15a08a1c7da253ea1e0f39e61
SHA512 f19fe7ecb3684f271975a4db5798f62bd3b164873008e23f15526f876ccf7fc3debd858bfcc02d0ca6d95fbba170ba0dfdc51dc6c1a93a216ae52cc4339486e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9e3e65a1c9b45eddd7f2e37e91c8eb24
SHA1 cdd3dd28c6a9e5ef0eb45becc13a5a0aae9ab90b
SHA256 e00bcabf31bb71c2db5ec391eb2a761af30c229737593ffb302707dfa09467e1
SHA512 5af4bfc2799c95aaa6d18336883203e749ce31305d5a289c025bc36a74f9bf12bcdc326cf20be3a6b0c2a759cf190fc6e7da767d5f8c8e911dee4d35c919743b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

MD5 9ff3c3bf61ed67344da0ee4e6c51bd14
SHA1 09ad111fec42783d4f440e5f2b9cfdcc266cfcf0
SHA256 5c75b250ed492750f9ec7d2cab25526a55d1c1aac2771423448ee6e8dc86e803
SHA512 eddc8a9e805eb46ce18605c38192a3a23d241f61462401164d917c6e031e0bbb7ed3ed5d93f1ded47851f6b890e972dd277cb66683ff1af23ec8ede4dd4e2ecf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\807b778b-e3a1-4592-879c-5f420fa724a5\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab2fac2127880106077b590403934cde
SHA1 b23b9f4118f35c32ae807d0ccad3a62c8ac957d4
SHA256 e6aa1020d177f39e271ffdf9d81fc194e0a80ae678a17faae57a2b5a01f2308e
SHA512 0f1849abdeb7cb1fbde74265c3a0d454a05cf2025a164c8151405ffdd06f877f4830e3cb5fcc758090b16e058e8afe2874bef88cb6f1a62b2901a8b41ea5f1b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8de73cc4670d98ea50bd0c4bbc13c99b
SHA1 ece4c9e56e4fa280c33b8588e0d290652f814e85
SHA256 ff07a2fd616599ad0d6183c62868e47964f43e0c73370350bb73891f0dda2e0f
SHA512 57a57a95a2c915d8a6f79c3790f56ac4c1a2ee51a22ecb6c9aaf3463137c4ab33ddacb07108c8d38a04381a8ccf70559b7a4c5d7fb924ddc4822dc0da440fcc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd3701b3f8b0023bdf1ec9d3c17f6ba9
SHA1 975374320223350ed596b28d2068056f1047063a
SHA256 2efe7fab452cae1dd894320b3936b14e6872fedee7bbb97c7e5b046feae6eea6
SHA512 9621760fb335c7591932417cee75ec2e70802ce05dc2ed68b10cb10c7f6b42062789f186d90c10e9499b5b34881cecba7a8456d85afaf7b57f96f5f03310d854

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

MD5 536bd2091a7ccf8b926672ac5560ed78
SHA1 e23c077ce3357f26a7e66b4720221083921f3088
SHA256 705ab2736d953d7547c611a5f594b186b7637948c139310e310134b4adc86fc8
SHA512 fb66958594f21129c1d0eb4ad6690809a69e0cc85853444dd33d7eeebaadb05e89cf59d8d9137321fd6b4f0c055c3b2ea45fa4a4a26c83dfedae62374d24f328

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9cf4cc1f3afaebe5351cb908f5a49e7f
SHA1 bcce54733fdcf0e11c9271547f3a8d42b9064236
SHA256 bfdf683502da1e778fc3c62dda5cf8e91db36900a3fe9bb84789150ace4f51fd
SHA512 d66e6b66fe8db8377570ff9124c80d5c70ac15abf8871b8b950a46c9eb6949178ef1f65b404756de270f0fbefdbb70b5a7b155c6a2e65f8e073245227d69ae21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fc6fe83d92456281ac34764ff858df1
SHA1 8ae2c441e3155e667c76fa738145d027dc905944
SHA256 a68109f0924f44948ee5fcdf5c97fa62f2e32f2a88e9cdaaec4a23b17e863a48
SHA512 078a950390aa8a0b13cb64464be2b7482cbc23e74386ab21cf3b3ed60e7ebb336ae27c9a543cdb4d06aeaca7415bcc7c800c4a26e9e8e84914fbb3f2f93fb92d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea2798bb8d773d8aa8f7168a909263ad
SHA1 b917a169c1af3978faa1d7596a38e507ff6e3ef1
SHA256 b5518d6f62a2d41949288fddff3262ed8591cc3a6e28b7f0b2f81aa4f94988c1
SHA512 1493c034e27615928e761f5bc1dcdbab50548236e46de451dc158989964792ad84a47159938b5c1ec8b19b9e193c927abc5a0a4b0294860ea5718d261143ff12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 50b07e9b01a2423a6c97c99fa00a4515
SHA1 7caed0ec2c276deebace4acc13c5f82aa041e656
SHA256 17a993621b23f56536947689a8ebc963abf912f5c4063fce5b126313bf36baa7
SHA512 9b03b0e2168c094e4ad56ba676bdb26beb005962ee90d040ff67264a2b95056ef199c025d8bcb91ff53252108277049ba734572348e213acdc33be5f513ba3da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58652d.TMP

MD5 9cccf1fff8d7d64c3f50799de30ee84b
SHA1 3d1649f9be36aa47e3ad4ea7a29fa08758e04535
SHA256 60da1659994a6ab6d210bd58f5ff12d1e7de701691ea749ebd468c5204a43a1a
SHA512 e4fc8ac93c15a2d8fa6eeec6f0cb8e87bc3d7329a2a69d12267b7917b9bd755ab79317c867c4a3cdfcdea3f40bcd640ab6caf983152478b2413f56f084b5d832

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 3b40598a735a304a93194868c712d563
SHA1 6ccfd7117bf97966c78900872119f749873e5347
SHA256 e8b23f654dc1dc41d425a7ba52885933403e1ee55867aa52f18b641e93a8cdd6
SHA512 4e159ca9cfb5ebe7af0e847923f82d4219a467121cb51be9a0f0f6a2345067e234df5ef51206e71c80e5727333a5917e0aa1ca2fbd7ba72f280b69fdb9acb3df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 4e08eee044c91ace0ad7a46cd9542a0a
SHA1 b542dc6b9818c8c1e07563d3656389c67b3ed5f7
SHA256 e5602fcd6ae093bef4648c93d192f79d4d6849d783096aecfdd2f53e3ad85982
SHA512 72851bad9b83bfff6a47141bd5ad47bf1a2fffc7c8c62e611606b06208f5daa3c52ff49f60945ae58884e22476069b99c7a7f44f1ea8d624cf2ad4f4227d3b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b859908c94ce7bd9f46a7ed6f1207f69
SHA1 7fa9807b910f387c39f6d907a701729cd4fb0723
SHA256 fc4a9d84dbef4cbf18429fa7c7fb5bc9b024535055a14fa00304efb19aa7997c
SHA512 dd44b65d89b762e457d5334002ff936072b4108478ec85e067686bde71d04b7917f3952b03db96438360e8fc3ee78ed08b6a4554b1235e63b89d0160beccea92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586b77.TMP

MD5 90617347a99008b7b711afdf29422e90
SHA1 9b8f009014eb4b6ae3ff4b957869172770d16fe2
SHA256 ff8691a408c8401db587af3f0dfd9f3807ea0928a2dc1890c4f6d27086afba24
SHA512 04afb67cb20c96aeb71ab9ab350fd7c742ffc557f6418388f7233169beaa3c662c8108b867ac6d5fc8f1ae38ebe27b35731c2760be569cd4b7c6b291e4a752a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de0ad8ec9ee184a402c74116823a095e
SHA1 eab77cd683445a65449b661406031071326278f6
SHA256 aabdf92bdd2834cd7209a56adf1a579741aabf1c0c503e7ef48f9428edefb908
SHA512 bbf9f68c82b47d121fa53b5b1a30a2b82bd7ada69bd367a2834c9847bd1b0b70496bfbbfb948fdd3d455acb5c08a5fdd24476e05902d3495166c7ccf93c4622c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7335b27a396fea830d7758082046926
SHA1 dbf4da7da3404e1ba6f16cf887c14ef24424167a
SHA256 222677ae9000f41b7582c502d3092474c250909e053f5346de420c109afd6762
SHA512 a0afb898a4f7e4241f233bad557a9e0644ec7ddfdfb93f62f4030b6765c92f92e461d04cd6bc85f89709ebd782484a51c0ad2ab8cf7367c95be45680f8c9acfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d8ae44e21121eb55b135bab80a78833
SHA1 3920cdbb07a6e357715c4309a85cdd6f83288014
SHA256 e2957325eec9432a3609208139ab73bb3f3f63f3ebbd4cf638cefe5870ef554a
SHA512 0b3a7a0581f509680ccc625791dc472a81fd9b95b502a91dae6641f7c82fe52cc8c0152abc1664a3f8ce4420b4c0dffc22255d06c7c42573de29aeff9e94f552

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3735cb2744e354706c6a9b8feb205519
SHA1 3415f087e0dba98747e358e9ec88ea73ae940293
SHA256 0b50a94d83e922ce9c5b18fbf1f9f137c3407946d18c308e39df7e14e21d07fd
SHA512 81575305388836aaf4d700f829bb50983581d38d695977e73213dbdb3baca472f629a9a34bb4c1bbac94bf44c0b7a3bf0786f50ec5127f9761094b2f65a937b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c4d7573d97b5ea283916f89fe5f846ac
SHA1 abd16d3f8350a40d9f322a3bbce0cc1ad406708b
SHA256 0c4668a5adbcaab2f8d494aeff4783d50a7bfcfea1aa0a4a4397cf3ab0cc3110
SHA512 500a9a8dc6fee4d1fd0e0cc0bc9317ac68597dd4a8d96be1f95ba99f3de025aa86a6a99d9a438616eb1713f3ec34bd4e4bb45fe4f66a9a7146e19fadca26fd91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 65ca53297ac64257a92cabb320382c89
SHA1 7ef2e1d7b18ec95e95becca4b2a2d42fc4d6ddc2
SHA256 723826ce374a2cb80c39a733dffc0130486c1b663e90c7063bc6c20b1f52e417
SHA512 2bdaf5eaf8354d193c9531e6a7677449500e307629ca244706ed29350919bb64cb5c8fd8c4f2f10cde4e2c2f6773bccb0949c09fa6fec089632b76194809012e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 75d3746c575d09ab38d38ab1974844dd
SHA1 f360d56a66a8bfb7de7017937bb65f29f6baed58
SHA256 0cac52140175e4349adb68efb872fc521fcea496db63176ddfc639f0bdefe1e3
SHA512 d9299c501c8124fff90a4288bc68ff9cdd05201ddabec4570b74451ca0891acb3d35701e9fe970655b3089ed24668594446bcd31dea6d313b7bd6959f3dcccad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f7829567af8aa1e745c27e1bba2a86a
SHA1 30cfc2b1026e142a1547e79da35a477508996e19
SHA256 d994969a778c28850c6b0fe1a77bd0443f1ce68f10dd82491cf97b4d198b5654
SHA512 8091c05d274debe9426a986853276cf55f69d1ee1c778afee03ef2adb5aac562917eee48ad86dc4fe208dfad4bdebb31527277601b8152aae21d33d73c023ed4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 aac9daa9fbd0a896f415cb631da7f954
SHA1 94e7321a4d9cb4f42d662f5685a36920807c8c38
SHA256 c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715
SHA512 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 27a05b77e7bba6c2b279f1a67cd6acef
SHA1 3164de3d460475f745bba673aecd9f7d799d7509
SHA256 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83
SHA512 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 485feabbfd915baa371530e2e5b464aa
SHA1 76557007c11916dad8e35d83cdae8636ac9744c5
SHA256 9962808a4d6e57e5f5138df2a717f08b49da6e7a8339608df26456348eb750d5
SHA512 d46eccb4d835546b52ec1e7a0e1f9798fb2a537135fadf67c263bfd533ba524973fe1a8a6f2d1473ff34f2231f100788d508c4b8ad771e131cb632dc29d9eea5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8c2044e655e6a96ba3939d8ac18c62c
SHA1 bd2a2e1ce8d71a5941382d2a961ee3e04e48073a
SHA256 9bceb1d20cf09aa335524da3d2ff30ffd30c26abbf1bd2671fd87c253328da79
SHA512 9749f3d867b19c901f15e2a1fe1211dbddc891d57b1615790c1c4bba37d3da6d0b4a795b54e4011123b195b787638d9de4aba57049af7ff1c537399a6ac4243d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6364b73a778cd9a13ef592250800da0
SHA1 5bf11efa62f47da0a48211ac5926a04984ca24fd
SHA256 60ac5648ac2430efc34d6cbc6877b564106bb9f78c7f188b0f3812a8fb6615b4
SHA512 85e296db81cfa655acf541fe2a3993acb3ce657eb40619491904fc8dc6ed346b40aa7d4c341652e93fc65d190c61253f1bef10928e68ab996175fa3d73bc88d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 387e2820f2771a58a226a326945bd62d
SHA1 eb6ece12f89f90888a864010cc77192aed1b8a9b
SHA256 d29e65dfe0112506c87195b662bffb7d626d43dbcf003b33b11ec64dac8f4797
SHA512 654c226ec7ceec450657bd071adb57dfffbafc06bc065b2231b2f9d1eba75484a204314ef4dd6b639f4d9fe955a0e2876491497eefed1501ec0f9373dac9c801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7e12cdc698a3d2fd7f58b6bf85ed9cd1
SHA1 9525b465a944804a8c72a7d3cd45baf7532e1eba
SHA256 d3c918a0f480d7bda5413bdb02f8980dc6afed207f53f0c5be09ac1ea4f5752e
SHA512 0ab317478cee8bbad506565a3f7422ecded6f48a75670df5bd12ebafdbb1f386cf11f9d684415eeadf36586b179f1227c892b4bed54f99a1f90d93f9f8985035

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 11eb96d6510a5fa41fcc0dd7fb4c57e6
SHA1 b1b8b13ab4c01e1d5ca4105efa5c495b0b99138e
SHA256 1fb1378893d5c186e54d28344adb36c14331f5f81efc217abe37f3686368c28d
SHA512 1013e85e1646bd9d943b2a29509264890ada6733947da840c7ae116ee2c5f1417576b2f829e8b875b43bbd9551cb00b19b782978198eb3f82ae13f56d1811f87