Malware Analysis Report

2024-11-16 15:52

Sample ID 240208-ccs7aadfem
Target 9304ea2d54fa282616673ca9b7c76f2c.bin
SHA256 69b58d692ddefa7839fc0d7f19422b21d096e703635ce1dfedf7cb9b528a4850
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

69b58d692ddefa7839fc0d7f19422b21d096e703635ce1dfedf7cb9b528a4850

Threat Level: Known bad

The file 9304ea2d54fa282616673ca9b7c76f2c.bin was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 01:56

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 01:56

Reported

2024-02-08 01:58

Platform

win7-20231215-en

Max time kernel

37s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42E3E811-C625-11EE-9159-76B33C18F4CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42DCC3F1-C625-11EE-9159-76B33C18F4CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2108 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2108 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2012 wrote to memory of 2608 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2676 wrote to memory of 2724 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1760 wrote to memory of 2796 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2108 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1596 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2108 wrote to memory of 1216 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2680 wrote to memory of 2056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1216 wrote to memory of 2672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2108 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.0.1343722494\392366452" -parentBuildID 20221007134813 -prefsHandle 1156 -prefMapHandle 1148 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7134a593-da0d-4fd3-bbfa-e9c464f2189d} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1292 f9f9658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.1.1958495616\1361198801" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b38db1-4c36-402f-8866-a19f1818f2ac} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1532 42eb858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1448 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1324,i,2488054068748360782,6107634738381107747,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.2.1117951507\556533626" -childID 1 -isForBrowser -prefsHandle 1936 -prefMapHandle 1920 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f15b5b79-d1a5-45d7-80c2-5e385e0c056f} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2284 f967b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2740 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1324,i,2488054068748360782,6107634738381107747,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1312,i,7881605345719728897,5728999897536183564,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2912 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1312,i,7881605345719728897,5728999897536183564,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=972 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.3.705932152\313314666" -childID 2 -isForBrowser -prefsHandle 2760 -prefMapHandle 2756 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d5415ae-19df-410f-9f76-2024dbfe85c2} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2772 1d08e158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3380 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.4.1948717067\779838488" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3604 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03342946-28a8-4912-9ecd-aac688ccfd99} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3436 1d08f658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.5.1539912643\1412322221" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64be2572-6557-4116-af41-f51f0dc2b5de} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3764 d6e558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2844 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.6.1793106177\449583598" -parentBuildID 20221007134813 -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f08af1-7bee-4532-a561-fd0ed052c39f} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4292 1c4e2a58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.7.149955201\896397676" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {394be273-1a25-409a-ad83-c6cb2d024955} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4448 1993b658 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1276,i,1970159821035235073,3869593053307235391,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.8.1127091577\57842841" -childID 5 -isForBrowser -prefsHandle 1928 -prefMapHandle 2272 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {201eb613-672a-402c-ae6f-9793bbbd8946} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1872 1e7c9b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.9.921534522\1687850905" -childID 6 -isForBrowser -prefsHandle 4676 -prefMapHandle 4684 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {427270e4-086a-4769-a58d-2495e7e4c7c4} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4620 1e7c7458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.10.1561348461\658902355" -childID 7 -isForBrowser -prefsHandle 4748 -prefMapHandle 4752 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {320ba465-e40a-4a30-a875-731f6fc8ab70} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4732 1ee12c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.11.694263757\120149637" -childID 8 -isForBrowser -prefsHandle 4752 -prefMapHandle 4712 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 608 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06ef4706-736a-4875-8a5d-ec5bab3ec5df} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4932 21809858 tab

Network

Country Destination Domain Proto
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 accounts.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp

Files

SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\74\{4b05467d-8f93-43f5-9010-49df15d2714a}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\162\{8f4b5985-c199-4601-b369-a268828a12a2}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\default\https+++www.youtube.com\cache\morgue\251\{0bd7d758-9669-483a-8cb0-c887dc8020fb}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs.js

MD5 e1f289987a27412bc761e1c3c8e67d9a
SHA1 524f9892551f1f7c6bbbd1adcbb7132c73ca0078
SHA256 7b2c782ed53a4f798c82719c723798094e8ea2d20b6b1b48c1d10fd29901d8d4
SHA512 2e9aecdad6ff9a44f384da45a71c7b7d6ef9e7713335e67212e9a23423098d987f35dfd415699edce2faadfc1a7cbabc08d0af97fb7c443225b0a1265da55828

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7bde20a3a1c9f3db8298a05b4765b7cf
SHA1 17abd4e76c72e9ee5a0f184c8147ebd40e8ef798
SHA256 4e2d59657d908f5b4ae58c946f42a262e09f197380625ba0217acb27c32ebc05
SHA512 d0781cd731d4e4950dcee6fdc34579680bf220ddb5f26bdd6853c3f282169067fb5dfbe460251a7b8f6705f23e56a5942ae7a37373584a190703fca33b35a6bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\29ab485a-8b04-4af4-92f8-b82155f19c62.tmp

MD5 f3c2353f8dd433eda33820b91421a667
SHA1 771126f950ca022644849171a0b8d3d9cc5e49c9
SHA256 18b37bc26c14b420d0cb005c16557eda30d14f3db9535e812b087a6ae5023a93
SHA512 9c3f32dee92aa26ad1f1b0fac68fac00a354409558b802cbe27d285c761817707f28f957808245818e800dffe0b6c6f88465f29b32c688af3a0881efe8932653

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab4d6a5aeb2de2e91e97cec8359c914f
SHA1 e8df66f36841ca15b7938e62b81b305a3e5b8371
SHA256 13b4ebb946104778b5caf2cad47a263e498d018dd1e66c1c453ddb48fe5775c9
SHA512 2d78ec5ea17b9f8335d9a274133131df8a9c5c786d6eaa7ecf848a31f70f98c8865c23b9e88b2487cf91d087046ec59f9faffa75c8e7c370412800d8c1080f27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b98ec12e00ded236072f1ff50e6d3f1
SHA1 157f53854574ce4ae3a5d812c55bf1433474bf0b
SHA256 18b58b660f552b0f52c756bbdc9597fadeefbd16e28e62c85e2120f2723deed4
SHA512 77fc4accfb6db758bac05e09a79ec1d71340c80055e01e8e12787184e92ebd88a7d290551a844a181fdda25a5a731b513ca3b09d9286c3fa4f0359943e4a98cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 15245aefcb82e18a6c7c7d4d70f14c6b
SHA1 a34f12de90ea5270d1572f0631742cd0184c7bd8
SHA256 3dd71c99e9f8c2a87267a6ce161c62c378a4fe4e76dfc329dae60dff7b6f4ce5
SHA512 89a38eedafb3957f5587ede4ab70e6b23dbbe96e48b419751f089567d7e0d59509c2bc4f1f33850e61b199e86da2c36b66a9227433f0f12b9191750807638fc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3fbfb16bde780566122f9937d400f3a
SHA1 fb8a9b7d3b6e79ea34301d9a38b09bdc852e3417
SHA256 06293dcf22617e43d1807ba32632ef6f2d8767faf1ae415ca2c3b617bff7c5c7
SHA512 776a34e00a5406b4bb1685b44099639a43b9304200d0588f60bff4cf4aab43a460111630cce1ea4db8e91dce7e1168e214163b3c6d08535ed8efeaff7e6dc1d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e645838e910144352bb10e2aa1258fc5
SHA1 9bf146016b9cf8f4904fdc677e77806de4312d39
SHA256 7cc15933633d1eb0f1957b05e6ed9f6a0814d98466c1988522e3bb4ee8aaa5c3
SHA512 21568c470d1c1f417c50750a505678e5e20b8e30323487962ca02e6b4b569ccebf95d4b949febcc6a405d65e07ce88b566226ad18ed4c58905894648e2973947

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f765f9708d717edd38135a7e4a88181c
SHA1 318392973d56daa0faf3828a977803fe3a0e9138
SHA256 6138ac685c906f171a5ea6f62a554305bbcd21d2ef676f9fe3903738a589a0c7
SHA512 575ec0e5a3cbd91cc58adf6848679a6a17775fd5960557b9f44d536ab90fc359d18d6c70b7bae7a5180ebc254cab856aa2e6d745b6a76f6a5fcc6a2980a8b7d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf45834a1512848a0dfbed50170f5fe5
SHA1 53ec714bcf9e5fd929650c35a2d3cbc1c93c7d90
SHA256 02adbb9d92ebefedc465915ff19b150d6df05f5761c2f205174cde2266a956f0
SHA512 9c5074b608eb432cc5e42cb048dd3e06979af57b5985930f2f45ddc1ecb7c08500a0838c159051a6c52903318e85672a142f4f69b6953eb18d58b46820ede4e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0afb9b6b92c537a13ea7a26a5a26c0e4
SHA1 1cf6f532b3ac133ee45f59d503fe84ac43525970
SHA256 75b85d28702d76c1d7567d3c8b09270ef29317e0212b0c505eb3c6ed58264667
SHA512 e78c81f42a36743fa6e34a09f1919c3958a0cf063e17b1b9db48050709d5902718ad59407a55e61818ceb527cd70f1f3a92be748ba04740323cd84582e741142

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c406b56bc62bb6b3c1d5405082644053
SHA1 9182387a78e30bee30104fe3ba58b839aeb01da4
SHA256 6680e32db55bf0b8d75041c2764967acd5d45ff87ec247eac6ae7ab593cec080
SHA512 1f17d149062c65e9d1011308419b18b3a9bf684b18bd46c2e33aea6d1478ee9f31d68dc4eeefa3e36b6fe781589de906ce3594827b079e5315468756675fdcba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cfb10a87edac0b25e927f7a02293fd9
SHA1 eb415a6cafb52289c58c67c3b73302968fdbe57d
SHA256 e49cb8c20a455b758ffc12c8356d3390cdeda38147e4da13df7c828321ff80b9
SHA512 dbc4f8a6df41a62b84853c54ab43187799bdded6b4e81bb777176d9608a2e94611760c9975de6310a68e000fb323337370200b8424bffe5032c35a4bb0a48a2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a00c8028b7c0a79f159a6058e8848495
SHA1 b9f8e2022fa827888296087660acc35b2e2e9e4d
SHA256 2eee7505ba517b4fc27c9658d4a8dcaedbf5cb41cc666a72c61e11ee58478ccb
SHA512 3fda103326a76be3fd6050ca4696a87fc9dd85bace05d8afead2a20ee8633de083bc359aa7db0c6d8b215c896324fcd70993e0ae072b0cc51d5d709b09495d50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b04d70d9e72edf216d7fa0b335a1a074
SHA1 447aa619230a973ce7546ae3c71c90fd0bbe6ebb
SHA256 c5af7798f4197872bcf94db3fc5306bf32f9e1fbacf8d650d23e289574e6ac98
SHA512 6360c2cf205356aac977ee4eaea922fbc69266ee46f4a84e651c1cccecb5b1cc9003d7dbd48ecd922cb29ef51c0344919624d00317f46c28130fd0638e566d1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2f1c2157b39556ac3eb1515fadfae03
SHA1 eb52b23c7e42c6b5b7f8c0ceef20f37775457bb1
SHA256 dda5f93a4f1e4bf3ea2e6fc107d452e50e858ef0f771cb3b78fa7db09a917782
SHA512 97ae4d209c07942cb49215a715253381f0231693981430408db4ac477ad732c67b2cac423b4de1e665e119c3be535c9c19e6b31644ad43c8357edcef17f6bc0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8f10fcb7f180e223acc5054c82f91a63
SHA1 569bb0961de2321a1c0cc6d6098085db1491903c
SHA256 118867f113395656103e106ce43de9fe44d5359d8d821eba9d85c45b5394252c
SHA512 397f79e7684e4d62bded256b6d41ed24d4cc68a7e99a3d0ad2f4d27eddf732747a390c1cd00968ab0127e3b1c22c68a953984d246ed85e95525f8ffd7633ba1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c26eb9667855e4a6c5d1074e7751633e
SHA1 8e748f8929c6576ecfb747109de1f8326c427dab
SHA256 7c6ada543daa19d1c940421ecd2dbdd32752736d879a84a9633cbd8f3ef57866
SHA512 be01245442fff9545d1803dbb4d6a5d4669d06dc778e0752720b79163fa5e29dfed8a2a739fa9fa609388c4116ef325a80ec5abeacbf8c9014ecac717eb62f34

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 01:56

Reported

2024-02-08 01:58

Platform

win10v2004-20231215-en

Max time kernel

152s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{D2F844FE-3E4E-4829-8580-17CB6B352440} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5004 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4796 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4756 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 1864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 1164 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5004 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1164 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 4012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5004 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4432 wrote to memory of 2168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5004 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 60 wrote to memory of 5012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5004 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5004 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1176 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5004 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4212 wrote to memory of 1616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe

"C:\Users\Admin\AppData\Local\Temp\cf1c6c9cd6fe79284928b6e3fbe50e8382f486fedf5e0f982156c1807a8f341a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccbcc9758,0x7ffccbcc9768,0x7ffccbcc9778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd6bd46f8,0x7ffcd6bd4708,0x7ffcd6bd4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccbcc9758,0x7ffccbcc9768,0x7ffccbcc9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffccbcc9758,0x7ffccbcc9768,0x7ffccbcc9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.0.1394636912\1021161888" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dbf6b16-97a0-499e-b91f-8f7613cad414} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 1892 1d84f2db958 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16533419864584725301,3540458426899126945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16533419864584725301,3540458426899126945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9235475479113620054,163549490867890608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15899636780829134684,8704520275974972380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15899636780829134684,8704520275974972380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9235475479113620054,163549490867890608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5526252487913814890,13835303512019465472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,16978296588718815673,198725451022757588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.1.537271613\360599332" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab78378e-7b5f-4bbd-8593-70ecd7b6f32a} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 2372 1d84f20a258 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.2.2145412766\958065019" -childID 1 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6bef902-05cb-4754-a9f0-e2324ba5c99b} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 3624 1d852c39f58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.3.441359619\756989913" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3652 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04225ef1-9034-448b-bdbf-4b1f9de480e6} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 2992 1d853879558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.5.1353801947\1293412864" -childID 4 -isForBrowser -prefsHandle 3868 -prefMapHandle 3812 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f19c32c6-89b3-461d-98ec-0992e77e23fd} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 3856 1d85387b058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1988,i,481529178487511222,17703123825162402060,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1980,i,8356890715741680323,7563792381169030912,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4892 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1980,i,8356890715741680323,7563792381169030912,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1920 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1988,i,481529178487511222,17703123825162402060,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.4.1530287012\53860646" -childID 3 -isForBrowser -prefsHandle 3608 -prefMapHandle 3612 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1f2863-82cd-4e72-896f-29ff44927fd3} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 3640 1d853879e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3864 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.6.851726426\697369636" -childID 5 -isForBrowser -prefsHandle 4820 -prefMapHandle 4816 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d593ba8d-7f48-426c-a154-ea3ae69ec585} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 4832 1d85412d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.9.708369227\1430490604" -childID 8 -isForBrowser -prefsHandle 5844 -prefMapHandle 5848 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00867e55-b53a-439d-a953-9b2f3c7231f7} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 5836 1d85626c258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.8.717561504\1659476526" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f698d738-02d0-4c43-9b74-28edc367dea3} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 5632 1d855e2fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.7.1431278468\682005793" -childID 6 -isForBrowser -prefsHandle 1628 -prefMapHandle 5144 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edf6ea29-e004-4583-89a1-06c94a1e0e89} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 4676 1d855e2e958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3488.10.1884368300\1960203721" -childID 9 -isForBrowser -prefsHandle 6064 -prefMapHandle 5848 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {133660ed-3611-4ba3-9b1f-157414e21ca1} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" 5640 1d8512e1058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5600 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6904 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1444,9023524402925342049,13728034994988841136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 --field-trial-handle=1976,i,2709418619633958173,16291422408024395182,131072 /prefetch:2

Network


Files

SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

MD5 43d55812f70fd7d143d5ee8ed7d6b265
SHA1 ecc5cdaaba62801bea2a3d494470b8c724aaf5fd
SHA256 1bf7d184b04adf38c71981b2dd88ad850729ac0ec54ef79df8a4f8477107ad6e
SHA512 d50bfa010b23428fc5d0b9874e78bbf8ca64ec11aa5586e63aab88961a6222ca2475c5ba7207f51998bf8776a8c3ac045ac7cf3b636495ebdfe4632af107b4ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8a6b52b46cdb5c38d91154b2aabbeef2
SHA1 21a62bd3f0ee79fa682336ddc4f7cc39d10ab84a
SHA256 f9a05fb6be6aac2a018109907f8c10df44913e4fbcc7beffafeab1b65fad598e
SHA512 b9fa55eb07c8247cff2fc1044f7905791e08bf5b8033808a905901a2707a9180bde91bca07e14825b5bb87d3067cf5b82418a57590ec4179d79cef37e459b873

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2d0302a332743501f164a55c15d9d6cf
SHA1 9b49a9e6123f643f3750f483a45e97eeedd175d4
SHA256 380de27402a0d0a46f9b951f95dc2a7d4b22563b2713d0b0161883648bb7975c
SHA512 da00c7ffbe582fde2fc6fb571961e3da98ea1c73ee0bbd7fe366489b640eb5a84a64db4f5fcd49591dc76a1210eb0aa623d1ea95da2fd567db63956a998d5db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 beafc7738da2d4d503d2b7bdb5b5ee9b
SHA1 a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0
SHA256 bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4
SHA512 a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 621714e5257f6d356c5926b13b8c2018
SHA1 95fbe9dcf1ae01e969d3178e2efd6df377f5f455
SHA256 b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800
SHA512 b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9ba9f375001f1d403a6118982cc47dc7
SHA1 42da557af9334c2372e30480df0382d8295c8b31
SHA256 e162cd85fcb68ebd217f1cc6736af978443dcbe598ad689dfcd9c2f8d0113e79
SHA512 31a9ad71e3f2a37714bd285e41a731f71aab1e1f105e8739fbd65a098a2f36af941900ec57cb8997a33f9f24e6eed7efc039a0d66065e4ee875ed2e84411565c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 01ef159c14690afd71c42942a75d5b2d
SHA1 a38b58196f3e8c111065deb17420a06b8ff8e70f
SHA256 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b
SHA512 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 988750ed36b4e9657181fbc053f7e6dd
SHA1 87217fe604eb35b4dc8838dd77d0b5a7e73bf521
SHA256 c321d76e8670e78e9ef297559a04e46f97ad65d5e5e43e4f329ac01c6f980550
SHA512 7fa15869743f9974b6e34baf8e10fa47c0cef8ccf78333483417146815bc78cf3256913fc7548166946f0d3a5f15edd20480e16756571b2adbc50a21650cd5b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e659.TMP

MD5 30c219a7136e171a633ed5fae40284a3
SHA1 94da493fed15e78e29e0d8fa6a38e8b2c576fa35
SHA256 82c155c61afac8a8a0695b7c5246c964a4a00a7daddcf2c896860d0beb03b3fc
SHA512 b4af04398e7ae49a40fbecd5a8940cba47abe131af0d367fc0f633677f42e5cd34c654bd8312e152d5b7d4ff3c563281675cef404dff159ff9897a9489a357ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 329e0dd974547e485231cd38b86f60a5
SHA1 331e5b89140d6aedeb960520ef9bdf2219516149
SHA256 f7d7dbddffdcb07e32dcd016ae8cf9b0cebacf166be38cf56d4118d4660191ff
SHA512 1e9af79e8c8c7799b2fb9a154020a000b03840e8c6c23168c126ad37a08f3aca38fb5bf5b0c6875a078d26c59123d79ef07d6caba74c2bd80138a525dcecff36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be965f7f0b2f49882700a796b8870a42
SHA1 6aef142409b8236602bcf20fdf85ef843963f999
SHA256 2613d4b5a4725eb6a991d225e841737132e150ff3802cda5403a4ed3c869d04f
SHA512 d95c1f5f631b405162e20ba3fc763c79863b9ca32ee166cd84b23dd40dcf76553cdb1f96c68b4942031e14d45b59236f62325b5bfd8828d9a1b8ef34392e42d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2b1d82c39b390bc0f0d255e3c20d32a9
SHA1 f22f188789b39a7b5573d465c5c1a966520c5c28
SHA256 01d0e1ea79e4a9d60c8f885e2b6f89cb6ee741e931f094f674d7c0b88ea56fc6
SHA512 6b08ebe3672e23a3bc27fc32d86bdbf0fe2d54c54f07734b6c803afc7830a2fda6ea37632e59cf897dbc593c1bf22e7a74c3b1e6ee8b100d09208d929bc27b73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\62b40f92-321d-4b24-9ac2-bddb88204c02\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d113aabbd2a1435c2e028346c31e60e8
SHA1 9c54e0c9b8df984f06a2c390437614132ebf3530
SHA256 26b14454d4c689200f7c438874dad4d2dd6d833a0a2f4af961701050a512cc4f
SHA512 5bd3a73bd5fb011c6a571e938f11b33288d5eec627778c9a67aa8ac5fe9bbd870b34e817c81f2814b0de9b34f5f439c416ae3551d1e1678df63ab74dee57ce98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d3c7d3823545e36872a74da971556013
SHA1 342cb7f489f4632522272a96a222ff70d34e6c74
SHA256 50d25849f63895e0cae781da46b764ab2a25c919b9e9da02c6dc90f2c6574f4e
SHA512 0d083682a18d1684c8adaf8fff7a9024d6a7c03221fb677b1be06300f48cd94092d1c9fbf84ab60a90940e89562475e986bc670a5af3230d5c5bfd4b6e4528e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

MD5 ef035d5ee448c26bf0334bbefa7a2600
SHA1 5b225369f0aa96f0a4cf39a7b0e0fbcde786704f
SHA256 8330722bb6f7924e41606402465916feea2cc49eacda20af0c459115fbf1f2a3
SHA512 c9e49f66d3990ee79d7c34f6b6e4869c1d2932a453820f2e86dee57f0b735d7c5e65f2a857bb84347a843f451c7b11c935f0cd22001653b5fdfb606c337dc03e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc0a2fa12f2589827d4f11733feccbba
SHA1 63561622ce0455825d75e86b7c39115068a0f927
SHA256 c61aa29a783e8196cfdf9b626c5baa0e1d4609f933bb098fc1f1903cf7a120ba
SHA512 a972efb91c75e6816f79b66a50e7cca126c3b956b3adddd1e10bd2fc06900bc632f9a7944bafc608086b8b38cec190abfacaa2bc888cc989a005a2febffaa29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

MD5 467ea381619b5b18db96ec0613de970b
SHA1 ff33c3e614163a03466c9a9cd9721ddeb9ae0cf0
SHA256 0005c50b9c2a4e2e6503fbeb799db74ec1ab62cbf476e7b9cbe28ff03e82ed2b
SHA512 37b8133bda8350ab839ee70696d97a98408f9b5e586da9adc51b591fb33a478807316cca566b00ac7ffa48f97eeb318a625f542d3b41afcbb9e30aae219f7494

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 909cb769f27920fa34bc6c8867fb62ff
SHA1 7d63806ba68b27019a60e27c79931c8595d8105c
SHA256 6a1ccb60bd61fb91ab652d6686194883929af9291dde196e3d0cf68c287e301f
SHA512 5c199f4e880c94d60ec18b3f0caada4ac36f701ac968930defbde1530c6aed83547f59373791ebe574be1e323a635b3ecefd59abcad0df2caf4568ea934ede8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583275.TMP

MD5 eda467f76596e7699ff8a26c1bb57bca
SHA1 66b50d53e984f5f70d6d9bdf9e92545ac9c3f63a
SHA256 20ca0b24d9653200a3f4f106fe8cb310f7a0d720f2629f5c55d2453c16ffd1f9
SHA512 115cfc98c3332beebf09067260885522784a86c57fc0e0025aeaf447a32b3c95e90bb30fc160fa5cfa68b4f8fe8e5d85182640d17f22a68a6fcf3a1d5b4e89eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9baaf0dde84a894ea82a1612f4de8ee3
SHA1 cbc8272f603dc3bff5977f5bbb9bf3c121767263
SHA256 adfa47c2ff828a2c9411cf9ed5bbfa645349c117689c7073e2966e66da0436a6
SHA512 12f27018fe58975a9391eec36c1f5e6549a70e7cdbedfaee9be02a8dc8376bf5baf0a0976939f0c04ed03a8360ca63dfc4ee7972407e4a808caa080795bb12c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e47f543ad5b3f0aef9dfe62ed34d524
SHA1 3fdc9d6b5f054bf2ad8d055ddd2de10c58243be9
SHA256 1132f29d1de9b42d347a4d85c79eb8a6f9ceb6f6d47ac36fbe036882e9dbfe5e
SHA512 9fc5bf953d37a46867acc1829d4bbb5d927da450e91d7083eccddc3ce121aab8016c1594ac791dcebe53c72535a28057535df034423dab6b7b46dde9b6c055d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5175d25581de154f5b0dbd56e39e9b27
SHA1 5b82c491b81d8630020320e2f0945cf7223e7dec
SHA256 9d311239cfae72b2455b1291741ecc1b750ca5e23cd92f086e6c198da0edffe7
SHA512 a5c4d3b127c8d119917f72f211bd57ef6de236c0fc5a066ea8505e44df7c96fa7975ac48409f9980894a10bb25204c8edf16ba92550e9749bafe7f2b04b8a9ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 3b40598a735a304a93194868c712d563
SHA1 6ccfd7117bf97966c78900872119f749873e5347
SHA256 e8b23f654dc1dc41d425a7ba52885933403e1ee55867aa52f18b641e93a8cdd6
SHA512 4e159ca9cfb5ebe7af0e847923f82d4219a467121cb51be9a0f0f6a2345067e234df5ef51206e71c80e5727333a5917e0aa1ca2fbd7ba72f280b69fdb9acb3df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 4e08eee044c91ace0ad7a46cd9542a0a
SHA1 b542dc6b9818c8c1e07563d3656389c67b3ed5f7
SHA256 e5602fcd6ae093bef4648c93d192f79d4d6849d783096aecfdd2f53e3ad85982
SHA512 72851bad9b83bfff6a47141bd5ad47bf1a2fffc7c8c62e611606b06208f5daa3c52ff49f60945ae58884e22476069b99c7a7f44f1ea8d624cf2ad4f4227d3b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 944d83e1148db09aa5513784bf80fffb
SHA1 896de5915f9beb9a77902cb01e94b358cbcd1a60
SHA256 bacbfab142516362e31cbdc6427414ae1dbdf389209e6d55b93283fb190e6281
SHA512 cb60f1fa287604a92ae9bf342f95342072316fc1d9c1207e236516055692ec89e9b9947b32cf4d7b5c30b8749a7f9d4ad5ffa2dddf30e97710dfea4fa8687e87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58605b.TMP

MD5 0a5994c70a743cc10adca0f6b021a3c7
SHA1 421ae6adceb54c0b1885c4e7cf4a931b1e1cb28e
SHA256 8ae6b8406135aedff2e41554b7f28f8c02c10dce71856468f21506de19a8f135
SHA512 f0f90d5ff452179a2efcb2dd76e4a3ae16060d94a8b9aa1103510ae088490c815913d80295b3a6f3df9433dd20dced98639311501cd401981013477649aae2fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5bf2bbb46e116f71beaea11092169117
SHA1 14949e6ce8c1b54ba5e61db8aac0e28ceb4fc964
SHA256 d58d27893aaf7cf71eb9f48b1b386d46d6b9cb11288c2ea3bf16d3167e6f364e
SHA512 5793c83b350cb0716985ac50364cf11ab424d302a1a2f46b6ed9b55651c696bdc533d6452147758bc54231216cd163c6f6fb2c0d86dbad3dbff2ab99a99b2349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 aac9daa9fbd0a896f415cb631da7f954
SHA1 94e7321a4d9cb4f42d662f5685a36920807c8c38
SHA256 c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715
SHA512 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 27a05b77e7bba6c2b279f1a67cd6acef
SHA1 3164de3d460475f745bba673aecd9f7d799d7509
SHA256 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83
SHA512 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e299954a57397728df53cda5f0908be2
SHA1 4ca53ed53cbe5fb87301212e7a00fcec878d430e
SHA256 2efbd7d170d61fc099222f6bd5c0570385e79b28ccc3079eb84f3c1740908f91
SHA512 14c5c89046edc043d0e133192629f552acc1416a93ef59daa6aec528b89020b512794fe012c9a3a8db18b0d843599f71eb524c6a5918e58025a23afd246843de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6835b803ae4329092908866d90027fff
SHA1 5e77947c82b4af3e2df2fc7c499de73193dff5d0
SHA256 221bcc7e103826587c00db03fb3e6473ad585981bf50d4df897d158dd4957057
SHA512 b2c1e73ecc440784e2a835a1ec66f17c1db83185958d9dc09faae132b5f126491e7d8e053cf22efd4fe00a4c1e78e5a6b1568b60b8b04e1012b1e0accbbff4c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a49d8c3b69ab20cab8ac0155a26e01d5
SHA1 6fc85722eaa75dd469a9a2c290d1682d8da35c32
SHA256 c708eb27b066fb75310b80073b3f831ddee7f3f352c584f9f72ffe30a3dd7e75
SHA512 9459b292a7f3165d7ac5eede4b5cf8fab9eb544179a6f417d58b512ff89a296fb444024f63cc072e0948b7470d8d7404759cf87ea69c60bdd02ed477937c41b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 efae2f3ffbc97d849dec418049f10e38
SHA1 430b8c0016756e798ffd0646e436a89ffd3dd139
SHA256 357e3d6756412b0445523d37bd814698e1ba0ea99744bd5f5bc329e3699d26c8
SHA512 099237d1d0e721f42945e5aed33dd90d3cf94916243b0d17b4381ba5d9d3a3458844bfa90d39aef62bc49b6c805b9b8241e4d3df12c0089000986276d5aac0cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e69c2c132418e285fe78d0fc4e6e9a3
SHA1 9cdd8573b65dd610a3e124c7e4358829744a0a65
SHA256 ae48848d8d2c0bbc2e78036c4b25f421faf33c55578efd7d42d74bf2e62f3d1e
SHA512 748b7aa525c305aaabd2cc5e2f5871f5d8ecfb6cb186745c029bc8ea3bff66d458e39a423942747424af95d2692038d9bbb83a8af6f4dd27fb5602406bf8fc45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 327b794556a52613b235a285a1243af7
SHA1 54b7efdd1f47aca7d9a407669403a490570d8461
SHA256 0c05b2a5f9ae7da0c53572cfc453e35b8e0fd75685e374142a1762ec991ac805
SHA512 ec2e67c75118f9cb17934a253a9ef9ae15b061de95cc7659e85ecaf97cf444e6f88e9c3659472e3b557ff8e5018041e7317f1f56d4f49764db574d0f53485827

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e337014ceba65092b027bdeddc48b00b
SHA1 98ad97b8adbb411d6d4623fab506924aa6772304
SHA256 c8376c9fa189541da0b65cbac556fea079eba00755803b97808f79b6d2b07c95
SHA512 24dc7ea8954498d7eb926f6ff07d245d82dff98ecbf77093b717351328434306d37c0a95aac208f711c8f3bb901ffa05daa974aa719518eeb14bb844df5e3d6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d96201d01d7f0eab2b95b3b1e25f6479
SHA1 1fdaa9c0ccb2b0d73cd7874f5c03326a6e1a1d8f
SHA256 8aed3e1d6b6c84dd276964874afdb44f5ee0cdfed7bfa78008a8dc3a5fa50777
SHA512 8107aadb00fc2987ea08a42670654250f5fa35f42fb9bb4d5b6d9f1d84049cc2cbb250fdbfcd94a8a98fdd12a79e1a23c5d14c37a6a0da745bdda49500a11e68