Malware Analysis Report

2024-11-16 15:51

Sample ID 240208-rhtsbsec7x
Target 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe
SHA256 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b
Tags
google phishing
score
10/10

Analysis Overview

score
10/10

SHA256

6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b

Threat Level: Known bad

The file 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 14:12

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 14:12

Reported

2024-02-08 14:14

Platform

win7-20231215-en

Max time kernel

49s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09098CF1-C68C-11EE-AFC4-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09072B91-C68C-11EE-AFC4-6E556AB52A45} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000081414857abce58348a7b9061579750cf002264d0afbd58ddad3fd3913b0af2be000000000e80000000020000200000005a82f9ca208d82183d373e5bcce152c0f4acda90461a000f352aa6e86331b488200000006edb13ceca6f350ca3981ff36293cd3fdb6a3f47c75245a7f8f88d9b7486a883400000003263a42787dbdf2a06c22ebe3bcc39ff9b10bb692ff462b6216dc15cb3fce985837f00983dc406b4b5f28850f25f5ced30b6c5c8ba5a21f7cf9ca8d4d956dc93 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1948 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1948 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1948 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2800 wrote to memory of 2644 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2632 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2304 wrote to memory of 2896 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1948 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1948 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 628 wrote to memory of 1724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2504 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1948 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1948 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2040 wrote to memory of 1532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2592 wrote to memory of 2332 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6459758,0x7fef6459768,0x7fef6459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6459758,0x7fef6459768,0x7fef6459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6459758,0x7fef6459768,0x7fef6459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.0.1597410124\2009827352" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1120 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc518dbb-919d-4f59-aa70-f1ef8568b548} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1280 fff9a58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1272,i,3403491375922456987,15806788608887808340,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1296,i,16522543767096414277,14726768089993919832,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1272,i,3403491375922456987,15806788608887808340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.1.1230891853\41049714" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf182640-0e34-4daf-aebd-fc09f29a2fe4} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 1508 d6e858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1296,i,16522543767096414277,14726768089993919832,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.2.872448321\1210414146" -childID 1 -isForBrowser -prefsHandle 2028 -prefMapHandle 2024 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00dbd424-80ab-4ea0-8505-a5a94ac5809e} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2040 1984bc58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2504 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2564 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.3.376564751\2139323275" -childID 2 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64225389-6042-4462-ab6f-40ddbdf532d1} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 2812 d61858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.4.405018422\1341066035" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3688 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37b98c73-f2c1-4740-be1a-18c83e322244} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3704 1ecd6e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.5.1117295995\1661852132" -childID 4 -isForBrowser -prefsHandle 3820 -prefMapHandle 3704 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcf29531-c916-4197-be4b-ca5e15e1700c} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3808 1f5ea258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.6.1435393045\2073170675" -childID 5 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb42995-18d3-485f-9285-73b85bbd39de} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 3964 2071d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.7.1580057007\1334559683" -childID 6 -isForBrowser -prefsHandle 3792 -prefMapHandle 3996 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf65e26d-bb62-4148-8379-80e14f8ed022} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4236 20d0d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2664 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1368,i,4965488775452565772,12977604799993149357,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.8.1487510164\531369831" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 4256 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecf4e241-5baf-4a05-8b22-879df761a928} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4460 218dee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.9.1323533193\1156183209" -childID 8 -isForBrowser -prefsHandle 4616 -prefMapHandle 4620 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d551410-5c37-4d3b-814f-260e3b2348f2} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4604 218dc158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.10.1795931401\1142390267" -parentBuildID 20221007134813 -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4599997-b9d7-43dc-8b23-5db775747969} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4888 d60058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.11.1058367449\935046745" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0de44e2a-94b2-4e5f-aadb-c61ede1e419d} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 4956 1ecdd358 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2332.12.383758747\2046246483" -childID 9 -isForBrowser -prefsHandle 5080 -prefMapHandle 5076 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 732 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d87565d-4b6e-4b10-b648-66f604ad70c9} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" 5092 2071ea58 tab

Network

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7695ab.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a3880025a701a5ef99a2da343e4d75dc
SHA1 dc7713859f6b455f7ae642606de72b0fe5f83739
SHA256 2feb07d68f8fc46577d48641da83714096a2a7a8ad3f1a3df8acdc71f81eabd1
SHA512 4a33b4cc20ec364027e089f5c8414d878fd7f216cf3d6a5b1af6540b0711ded1ca1e0943110816a567d588ddc2e8fd9224ad26d869413759032edaf11737b4ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2040_782035509\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 49ff00bfc6e24addf4d8801edc03f36a
SHA1 6e33ae99807de0cfbaa364f69dcb0294adf6f78d
SHA256 f3ff49070a0639e29a5badc61c9666e885424731fe0d2f70332d07b058f7c69e
SHA512 a852249dae7b678c0a563d76432c2bb1590d039a88bf8506fb42ed610f84307f3f05e9ae077218b69599b74d78963b816f1ebe278a25c2bf588c406b376a20df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{37c460da-b6ab-4feb-8146-1c9ff23bd57d}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\idb\1570276583yCt7-%iCt7-%r8ebsdp2o.sqlite

MD5 18f611fb3f36929a83f7bba0ab18055f
SHA1 866709916642f63a4af551107e82def03af5dcf2
SHA256 f5088ef9cbf76b952c349fe39009d9fecc1c45c023ac96e4ecb8349f6190c822
SHA512 b1dff5cb81a9f65876f29114c649d3d531bd526ecd3588eba77e56f28c1a091bca3e255281506c0b4c2c0525f4d0e5ed19908b26e0e48f5f656faccd9875dc6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80f0485e7b9115e29cc05d33b8ca7859
SHA1 bab061b67a57b5989a21a07ec4b884fe75e4d070
SHA256 714755f63014b7c296d9ce5baf01b35d39187b2d8090abe91f40091fe5de6163
SHA512 1312fa67b2afbafaea0937765ae02c5691bb965031a86d0afdcbaf5e96b480a7b5bdfdf4da149a874d066d03728846eca5d6cb8b576455d93ddd9ad61bf2c708

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9e6c3d1084d2ca17caded46550ac017b
SHA1 b4acbaea938d22d02ccf51ad8eea55a7ee7207c0
SHA256 012ddaa22f61d62a81901b29b548f506e9d3bd25c572b3537b79e778be41f27b
SHA512 502076b9299017fd4a6053582d9f3f3cc17674a9f31178ff30341c10347af8bf69d8bd28bc52008a257471b8b2e3a55ae969f1c93148a207d244581f8fc7aa74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 f22afe94365719418e9fc32aa7340464
SHA1 ef638c8bd823eb94044b7c1a0ee316b9587888ca
SHA256 df38d8f88417e7744763b5bd8ef30b22ac62fb976b25fe99d7c0fdbaceea051d
SHA512 c9137f4452b0091b3a0eadbcc88db839f806f6e96aca4a4ffb96048567561d57c30987046073093f76fba0f74150c8090b6261e3bd89b90aaf280c1fa1d4eb0b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\71\{4805c2f0-72db-41b3-b883-d7375a5ebe47}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\114\{84b9d847-e09d-4195-9957-044eaedf5972}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\116\{bef159c5-76a7-4970-b677-cc874c70c974}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 cdcd7aec343c2fd1db37c43fe471f6e1
SHA1 23682cbd0e785e15bb2cd0e33eb55089b54c6c7a
SHA256 d186dece7e46e2705e7fdb729b0f35917caedb7ee3a5a1fa627ed1e54f1cc749
SHA512 8e390ac987643a1932306f6864b1c7df080b364b6dcb84f6f8f88ac4acfdf5f8e2b32ac0dd74113e6640f0c282e817077a08b2ce5ca7ee97257e011b697e004f

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc8a9d5c352eafb0810837298820c46d
SHA1 99b9649d6af89844574e3f0e199a2fb53e73eabd
SHA256 ba2881426abda4529bd4908f8611b7ac7e1f0bcd2afc740c78cf1139d63b8c14
SHA512 25ecfb813d17e25b5dd5f1a7c604722247119ec1c765b2fee351412509b0c3193d0bbcdd2dbe4bc1886a41585ae6ca52414d3fe6f9e1d1fc13f0d5b46fc609d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8f26edf49b1643b05a9945cdcc2888b4
SHA1 9e304a8ba477af22d450d4e12da3432a9d7229c8
SHA256 e59b2c0c342dc88a6e497150f68d10d737d6047fb5493ff93de10ba483c066e0
SHA512 d08cd47edb2e559966f4e10a51ea7279743316e6410ba1ef3a8946fff0e2fea92537659783f4d01f8a2688bea47dee6d6bed4c66c39d82d58f4ee9cd14ff382d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07f86bc8fa207225dcf4d5767206e7b8
SHA1 d552a50d3e1faec6e2e83780425b076e850c14ef
SHA256 abbb830d2d4d15998b2a521f779927ee61c096c59603967c61189895b361ea20
SHA512 d6cc3cfde250a1c4bbfecc3fcc47022e6689e98a1ae312819f2a17fa67c73da8539d5f2da97ef0989a6f923779bdada7a3ed9d429f4175b9eee27f9e72134cea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ab7dc4463ab07819cea1f36a21cf584
SHA1 370bb27b7ffca5f8dbd89d8f924eb1aaa3099c0a
SHA256 0a8047131c132f71805c096c2d3485441ff8bef89678b41ffa1fa8e2e8158293
SHA512 b3a0685cc2236e0e9cf9ed40d99a8d4856be942517664f8e1a0b36b4ee8080cd821e651d4a63acf350d23c70f39d771f43a85774feb6a8e6d321e0d463a3cdce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f092faefae6c5cdb9a64d6d4107027b0
SHA1 86040d8b65aec87310f00c23683d04ddd1ba5349
SHA256 ab6bb3359490a4c5025cc181f98c207c65f66b198a79c927faf1a449205b9493
SHA512 d9ea040d6eb6d200f5f2615849ad593c332e3b7df2a3a146dff70aab510aeac6adbbac993b5a9df826381215e5ba1e04df94914195d0c4e7fd939548c8c31c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d673b8d0fb9cc45293a6c54406656bae
SHA1 96b393e81fdfef98dfb75181a94ea0833cd3b0e4
SHA256 260f319b498bef6f7acdcbd41c692c78558b7b1bb178451a89ae89c0fa4235b8
SHA512 6bd87ebb55c4f0bf1dcc134042a863be9f0703add116e38d205784a597822896886c18cab09f32cde1ef39cc03a5d4c4f422c1a074c6b67a4dcedaf9b4470040

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f232c69971ba0d122314290376d5d7aa
SHA1 7e6bd1ede82ab74cf8f61159d3b65c36ac2b4c85
SHA256 55f602f1e80462b8b7252b88479eb51004df860aeb730d4912b78d1f6ceb0145
SHA512 d7c4a2777d5c66e9081f2cb7731f184339eb23b1141565f6e8980b934e274a40358cd5eaad8ab36f2aa732266ca44bedc914d371956b2c1aab25cd66efe90a2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e190fa79-5b68-4094-a2d7-818f61930f4b.tmp

MD5 ff7aa97415cffcda1fb5888676116b3a
SHA1 eb080ea1af6a6a0a4764e8b5c1844314c58ae1d8
SHA256 28e91450f23c80b176cb61cb556660f2e54ad7ae0afddf0cbe74c0b20570b15b
SHA512 679f67fdde24498f66d89e91e46c7a3a1d5e77063ebd1e87a442a486fb94113d210f0de6925baaf72ee1567ca8cd58b2d9e9885b6be1c1de94e045e6602ef3e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 84b05e69aaef2a3b5135deefa26a466d
SHA1 1961c4990d51e1db1ae88408137eb5047bae6351
SHA256 17fb035998b071c7c811c21c0d6fff0ba4c86c12452e3e720c2b68e63a54f1b7
SHA512 a0a186deb5a9e94e3d75e163857d2045bee1dd637a89b0bf1bdefa22790f9fff2445b51727632a8555872180c2ac335636beb56769ae18b219f7a0cfbce4c6c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4922a64f1f45eb5f4cf6a3fa88177c4
SHA1 27217bc072d814767891d36202acfb2a5e4cd4c7
SHA256 404eba5c70eeb3c2227e36d18b07f91ee519ca3167d63156b9c509464af8ce3d
SHA512 06f8b875691fee11670ece4a485853ede012659d836b0377b1ceb44677eff198ab6380dbf59bc7aff803fa5e689a8d88fb0c4eceb7a383986daec9e72d85cd41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aea67fe956d7f155449afe375441e84f
SHA1 cf212514f6a3066f55a3f7885f8dd8cd573d5ce0
SHA256 361af06af95ebf9c640761afab9e3357f817d528a4854232fe441347cdff90c4
SHA512 9e059be2703f8abd678cd73a70b32e09f723d2fc3f5d89b4bfde3bdafe40b7273474e1deacbf3673c5c8a0c044f94790704766f315032def4ff74b5e201c2437

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc3922ab6f76acfd9e93d04a43da0909
SHA1 bca8fcd56e5ebd3fe442721ef78b71a762f9c1a7
SHA256 5af1dbad63feca3624d16b6ed748a9d04da307d7ba3d9711090120f00e7e8ddc
SHA512 31f1ec70104ea7a1905f6a7bb4999d6a44c9838e1ba82ec9a19cd220c6257561f499e8012de6b8be156f223f7eb6a6803b264624885e69c70a54441ffff5d933

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 abe0b813995b6818658894e85df19a5f
SHA1 de5fb4534148aa0f29e58b30cb5ca68b4481a5ea
SHA256 8c13e2e58e129c95bc63e29c7a543404f5e4523b413537a6479b26a076cd5a74
SHA512 c63cf796074a06f8736b34329711e5eebe8ae6c4c64da4c4082c147238317e1ab06836ba395197c5548b97245f878fa21e460a874261b3d3bff66896eacd7abd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 11c286b7049c27029a85ede57e9ffd3c
SHA1 379beac6f8b8ddf934f67eec1bd874329979c4e8
SHA256 05bb4646663ff331e50d4303c14f7505c385d4de760ec13aeb8a0d61a3d2f1da
SHA512 3d9dcb8b187efcfe3e55cc5027515f4ba8549e1dff00e978161d9765e9a6e2481668ce5c78b81feecdf9a894002e1c2a6562e1784919d8d916a912bc8e526384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d9770686c4d8336ebe4c7844595aed9
SHA1 444c7f500aa47998c2f26b43100719db9102af97
SHA256 48ef0d0d3c1e3b150792f85ea83023397e2fa80e5fb85e64cee64c99d6585f6b
SHA512 bc13b0f9ddfe2f1ee437d8c2d14b7045b5d96fe3d4dd67c3c7e4339ff1cbcf9a5b335954b56791fee4f68b9919a18aa26134c4f9772370e875ed3208c2f2f884

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 14:12

Reported

2024-02-08 14:14

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{7D7D0716-DEB7-4AA9-9254-0A7F49DA583C} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1784 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1612 wrote to memory of 2004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5012 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3108 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4276 wrote to memory of 704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4164 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1784 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3508 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1276 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1076 wrote to memory of 1040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3816 wrote to memory of 3488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1784 wrote to memory of 4356 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 3540 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1612 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29949758,0x7ffa29949768,0x7ffa29949778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa29aa46f8,0x7ffa29aa4708,0x7ffa29aa4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa29949758,0x7ffa29949768,0x7ffa29949778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29949758,0x7ffa29949768,0x7ffa29949778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15438105197972564231,9817386333041030616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15438105197972564231,9817386333041030616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,4518180322366957682,3626085339204500292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4518180322366957682,3626085339204500292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.0.1700382303\62432739" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53a01630-5645-430b-a09b-fd67c54da00b} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 1968 1cff67d8f58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,5891273456024638642,7452312639111119755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,3747962224010856442,1764115729276643330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1171338192747133560,17416685473709123613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.1.2003805829\1018666383" -parentBuildID 20221007134813 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beec3e00-12be-4e2b-965e-f8a1ccf9c35c} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2448 1cff5f42958 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.2.705976282\1357739585" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3068 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b918381-03dd-4a49-8963-176e3da3efaa} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2972 1cffaa4bc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.3.2060733350\1583863003" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3164 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3aea3f-d800-4b98-92db-49bb168e38ef} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3200 1cffaca1e58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.4.856604084\1771751036" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7b4197-bcc8-4a55-ae4e-54cae55b2627} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3800 1cffc6cbb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1992,i,7385591244680408020,11265401234452514444,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3952 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3816 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1992,i,7385591244680408020,11265401234452514444,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1956,i,12965774064626268630,14854967254590134756,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1956,i,12965774064626268630,14854967254590134756,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4864 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.5.1138589039\864754130" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5204 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16a59ec1-5a2b-4a99-9d9d-6aeb6c4eae24} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 5276 1cfe9c30e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.7.1986004951\959634688" -childID 6 -isForBrowser -prefsHandle 4588 -prefMapHandle 4428 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8d31293-13cc-4b1f-99d4-fff9dd853659} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2896 1cffaca1258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.6.1632786331\827725115" -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 4592 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ea0ad7-3da1-4e0f-a3dd-3629b54130df} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2880 1cffac32758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.8.1981977360\1877467508" -childID 7 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bc59742-2a25-458e-9ab2-eb3708249bf0} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 6060 1cffc694a58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6900 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.9.1428566771\1389741132" -parentBuildID 20221007134813 -prefsHandle 6320 -prefMapHandle 6312 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b480392-528e-4107-8ea5-90bbc90e0782} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 6328 1cff8895158 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.10.746310855\598684207" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45767c59-7d4d-4a74-9f65-15bde14933c9} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2584 1cffe6f0b58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.11.553461378\914521843" -childID 8 -isForBrowser -prefsHandle 10828 -prefMapHandle 10824 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa9fdbe7-4e3d-432b-a1a4-7c535ce2c19e} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 10896 1cfffc4b558 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8241180569352382547,7439612379859955425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 --field-trial-handle=2060,i,872812605874261342,1156682300411814568,131072 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\ee3c216d-3437-455a-9912-3eccbc4d4898

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\418629f7-3120-47cd-a8ca-43c207605660

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\007E769A3DD5DA78A4096C894CDE895E093E7A64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5799cf.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ac9b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a99f68b1-d467-4ff5-b473-fa878e57d2be\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\41\{ccd0437c-3327-4c2c-b098-3059c1936c29}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\idb\3694224168yCt7-%iCt7-%r9e6s1pao.sqlite

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\120\{a1d1669a-b99b-43a7-ae14-e6b59726c178}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\8\{83167386-e672-43f6-9383-78b29c43d408}.final

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e85c.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\160\{6ce53736-64ef-4fc6-a446-500dd383c6a0}.final

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582ae3.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
