Malware Analysis Report

2024-11-16 15:52

Sample ID 240208-rjhfpaec8v
Target 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b
SHA256 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b

Threat Level: Known bad

The file 6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-08 14:13

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-08 14:13

Reported

2024-02-08 14:15

Platform

win7-20231215-en

Max time kernel

46s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000af29832b54263addf9451420a0f0abc5d6b2c19bc6e27262bfe715069fe73389000000000e800000000200002000000020c90a06ffcdae69532799d7cc3ccbe4eef9585ce462f364eb6ca629bbd10a4e90000000ee5451d29e2949f271c9b212de75f152939c035f61bf8f168428544f9842d8b79a7748acc9f348eb75d77e1820c4d1d50777315881cc530107ce673a6a71b11cb48a60e002f24d541edebfb269a0c50107a7d9a16741b12fd7424a544bf85cb6e9b0ad9ae8ce40ef43920eae8d5fb34fe0c7ede6a992aa21b4fb5f1d85c1493f37689d980d913dbab89bc9dc90a93957400000003b77a93c0cab7169d97fc732128bd985f6e9590a50346d5db16acc5ddbe1c32e963690fbcb9b7ddc24049349683ddbd4f9b04ecc887be20b0c2880d65f7dbdc0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{348AD191-C68C-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000068aaed018b268613222ae8fe46349b8c389e71b4915356c10c1bc43ff1f56986000000000e80000000020000200000000ad4081ae3c9af54e8efb691c064b48212aabfa55a95f549191078146b2272b62000000034dbd8e9813b5fa448fb402a610149207235fa8431e97673837651be2610a4e44000000073708f2ea4f79393cff0652b4e6f8d4d4ecd5aa66c70e21adf67a40378ec739fd9fc2bb12b80aeb10245353162d9c0fd2d1ead469a4b14426f3eae74f6a39445 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34860ED1-C68C-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1900 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2776 wrote to memory of 2924 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2776 wrote to memory of 2924 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2776 wrote to memory of 2924 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2776 wrote to memory of 2924 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2408 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2408 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2408 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2408 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2464 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2464 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2464 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2464 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1900 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2652 wrote to memory of 2072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2652 wrote to memory of 2072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2652 wrote to memory of 2072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1232 wrote to memory of 1220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2044 wrote to memory of 2940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 2940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 2940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1900 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6649758,0x7fef6649768,0x7fef6649778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.0.559636123\1897912370" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1244 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e47d6e7d-7181-45dd-b052-48b510a17371} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 1320 10ad7958 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.1.1822260220\356325788" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef9fc843-ca24-4b13-8f48-18910ee10324} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 1520 d72e58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1380,i,18084858595772558130,15749981699723902755,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1296,i,4086686655950444240,17813200533030071553,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.2.485406292\625751205" -childID 1 -isForBrowser -prefsHandle 1996 -prefMapHandle 1992 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f7498b-bf99-41a7-a361-28c45a512494} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 2208 190bf458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1296,i,4086686655950444240,17813200533030071553,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1380,i,18084858595772558130,15749981699723902755,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2540 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2592 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.3.2067828459\387721596" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b936ed-a6aa-43c9-bf47-6150579963b4} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 2920 d2d558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3360 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3528 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.6.26934834\1406938339" -childID 5 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a5e564-6077-4466-82bb-4fd05612c7fc} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 3836 1f3c2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.5.62486599\416784354" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3684 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {201a9414-fd83-4cee-8ed0-3188c5044c72} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 3672 1f3c0a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.4.1989428925\1562236790" -childID 3 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0d6bab5-617e-4bf5-a6d3-7835118a984b} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 3568 1f3c0d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.7.782373260\1022708812" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4092 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89184a4b-e25c-4c1c-ad8a-8d9f7482f35a} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 4188 22acce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.8.822080471\699831155" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a86b039-b3d6-45c5-a351-147cc14eaf88} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 4300 22ace358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.9.1669031271\758913755" -parentBuildID 20221007134813 -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3d2f63-4b32-46c2-91c3-b9f15db04b72} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 4724 d71658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.10.1156233220\1436777332" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e26988-276e-4665-a391-de8bc762ffca} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 4868 180b1b58 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4404 --field-trial-handle=1272,i,10010110440131733889,17938553798194528202,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1220.11.301779824\1719291153" -childID 8 -isForBrowser -prefsHandle 5028 -prefMapHandle 2476 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 776 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6564639a-8c00-4c8e-806b-8b0faab4197f} 1220 "\\.\pipe\gecko-crash-server-pipe.1220" 5016 d65f58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.179.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com udp
N/A 127.0.0.1:50112 tcp
FR 157.240.195.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
FR 157.240.195.35:443 www.facebook.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 facebook.com udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 facebook.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 rr2---sn-q4fl6ndz.googlevideo.com udp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-q4fl6n6d.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-q4fl6n6d.googlevideo.com udp
GB 172.217.16.228:443 www.google.com tcp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-q4fl6n6d.googlevideo.com udp
US 173.194.141.135:443 rr2---sn-q4fl6ndz.googlevideo.com tcp
US 8.8.8.8:53 rr4---sn-q4fl6n6d.googlevideo.com udp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 173.194.57.201:443 rr4---sn-q4fl6n6d.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:50125 tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp

Files

memory/1900-0-0x0000000000E10000-0x0000000000E11000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34887031-C68C-11EE-9439-EAAD54D9E991}.dat

MD5 bc71650713fc1cf621885cd684240b0c
SHA1 13222c1c8499b61d0c616cc54b773ec45c606f6d
SHA256 2fe7f1b0143fb0c555c07d8fe500da5d699992e1de91c04f4ef9bba458902bbb
SHA512 ef71492765495802f941fed3fc65483d52fa3b03c9c4b4947412344baf4123c829013bf9f7792aa632bb53960f826097bdf67b2e98e36cb5e740a1249182ff5b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{348AD191-C68C-11EE-9439-EAAD54D9E991}.dat

MD5 f9c34145db89ea6831ffb80c20a93030
SHA1 8855a545aa8275327391694ed6f5d2284f466ee8
SHA256 7c17cc83ee4ba64a94b7a95ac76939393869d89d388ea7325ba2910b5ba8ae17
SHA512 eab7c8ce23cae50e438ea175428356590f3d262e8956935fc7fddc282ee438790193118cc1d02f4133a4187a366e517f45360f1fb6a822e400424776c86cbc5f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34860ED1-C68C-11EE-9439-EAAD54D9E991}.dat

MD5 55adcb8abf8d56d86ac3d3497e356a43
SHA1 53b8a772408321855c8429a9f0d6c4d448c2c7cc
SHA256 6ffd6fdab7ea73a78794f9f356b1f1418742b9865c04af73b937f319739f7baa
SHA512 e46a328e14e26f02778502b5bf4dd2dbf2b2effd089b9b5bb2f2f9a9f7cbfcbb3090f7234f6930be92134f5070fa275b22f6ce2617dd2b0d0bb0601077dc5c7b

C:\Users\Admin\AppData\Local\Temp\CabD3A.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 99ccb3c52e082692c4e1f9586fea63c9
SHA1 3439cbe761371a2efe9aa24f0f165ed4b473fa8d
SHA256 1e12db4be8901c4fabdae23daf47f11bfa249bffd1ef9bc10139f72efcff6bfc
SHA512 f70536301ef24a19463412bbe0ba3b52283efccc52d219b13c28e19164d8e3125ffd0e30018b9bb912e38af57ba929bc31d96a3301a0b36f1aa97da7c25332ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 73842dbd8033c3f38bbf73f0a3e2ea6d
SHA1 1ed88268cdb9c9f44c8d1e11da667adcebd2434f
SHA256 aa7f39120640bebfe3221538dc935a36ff1ea48a4bac8c280fe5af067f3c4d10
SHA512 1e2ad48a3e1a3d784b43ecb9731c6e7061fffaf52b8018ec577291acb44e5974397891351b0415879525acfff578c38f7a8ef73461fb00da4b6d842ce4abded7

C:\Users\Admin\AppData\Local\Temp\TarDEB.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b18558fbe82f592748797536a44ab106
SHA1 4c670bf83844ec3e5cb35363c4d2b59c39ecf5a9
SHA256 4d24ef3c8876e2a039c63823ccf0e1346e50bc7d1c0525f730cb39e8d155a1f3
SHA512 4704f31dbc6a2cd6b2d1c25aa26365c4c83362ea9ca75e99600890a63ac7ddbf0e88cd2245abe8decd2a4c3656c3478db0eee2e4f0abb93dcb50b4177e5b315f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 975bbcbd0c96b973d1efb640fe09aec4
SHA1 b9b1a4863e891ee494f91a81b458e25a4ed38d6e
SHA256 52d6f80855d408e9b5af670085910efc9c34a6333a596e6d72a95c9cd2067941
SHA512 b71b40102cc99cd5a770f646005c009dae6aaca8ca1da6c4eed2ffed794062a12fcf6f6e71abe75acbc80a94993ecbdc4d69e296fa89bb1cbbd864d73e934139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 97541cb2355e58d3becb9cab56e594c8
SHA1 c72f75e878fc09f9e8616a6230ed73338f47ff7d
SHA256 52830e6f3f3002ca4d12dde196161424b8e49a18f4b33942382baac9ecdba2cb
SHA512 cf30863b5530d10b73dd237ea688a1ff47f05763a5d6afdc38f70f9293c6174be7193af2d272e8f48b731b0f4117ce14df89aeaef4585e232fce6fe3fdd9d620

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70c36faf2a15192786828cc687de17ae
SHA1 334b491a96ccf8557d623281316c77f90c51fec3
SHA256 5ff1a9a85856e04da84f26b417593ec5ccb9fb6a9afb4c228d78295b1ed6240a
SHA512 6724b6869f15104874b1754333340639d460d44d541c82d9922cc1e8f3bcea4c7fd7338a76fbbe1746a08dd42e6a5bbe0cafd5b18ec39712e686d4b29532d238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 05ac7c46306f211e90aa1accb13d876e
SHA1 71389c45647ec419ffbf2bb29df70a64434213a1
SHA256 59c53a05f674fa704954e010f1a1c2bf08713c6da9b91ae21c72c4445c0fc0b2
SHA512 490dc3d13e1b71c0e516db93a265da21ac2b0ecc5ca286e9d2705eaa76a13088e87774770ffe3768e212d235950665f5caa208d6228d64d67f3d8ceb5520bbdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 cad81fad2ab96418942ccf7a83132c26
SHA1 c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256 343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512 a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 802f2689fd981dcfa295b3e13ed526d4
SHA1 931f001811b4d7c1a857f274d5d01b433395d100
SHA256 55e98d58c7766b9f5cdfd93dd387af4d302635f283b34221a756cc9438303248
SHA512 969bbfe6f5f2cad37d8121fd7067dd4ab5df44970c94e03a9df8fe13c00c9d50f26b23447114175e1fd4b89a8ea8961dced33a17b10fa43b0c800bab513377e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 177525f109e132728e768699279532ce
SHA1 d03e298c08352696abebccaecc201052896eacc9
SHA256 98774bb31997c820f9a407db486103a4d91eeccbd1979eb5113182cc8ae5206a
SHA512 c40fa82e80df87d7340d374701c5a287208244c779e98cbcab79ccd33f4d463d631702aedc1e9d3442bbdad697e379cd8ebe24768c9ad0ff3ac2d25a243642c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d35febaa5404f7872e90b710a68e2f8a
SHA1 53de7f9b3d5026ae04acf08c6cec7d185ef83219
SHA256 ca0e394b83fa91de945715a3126c77dd6c6b6ea08657f127dba4cc0d69d236a1
SHA512 9f100bf8609f2a0164651136c5aa23fb79c750794515571cf3a4191221cd17af32fea0fb2e89b1957d17a8782a318760b61efd0f11bf8dbd33549b5ced115091

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 1acf8fa846c7070866a86308303fc72a
SHA1 728913ad3a40bfe9db8d9673589f35ce07017b5e
SHA256 c6bebb97550f5ffe41a989e024dbe131b088757664f23d65836a455505ed7d1a
SHA512 5235a9b7fa2055d3c3263a9820304e5b1bca40aec5f64433027ac8085a26f74f19145b42567a5eaaff66a156068a9c0116c49d12388f590e86454a4675169464

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0MZF4MVG.txt

MD5 f1bb50fee9522b78487c82524cb41a80
SHA1 3ff1f97c95f4ccfec8c22f11f945dc4684bc3b15
SHA256 1712d05fea6b0fa89ac0fd8ef72cab9a8d03f63ce15c3dcd07c12d877ce5ece5
SHA512 95d37f403ef2699f6e2ba7d70ede6133b548a483ff882acaf268a85d25862e18ff81dabbc49e0b7be8183ac9c7bf770ffd883710ce9efc19eaa41f08140f8e37

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LMQ7Y4GD\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\hLRJ1GG_y0J[1].ico

MD5 8cddca427dae9b925e73432f8733e05a
SHA1 1999a6f624a25cfd938eef6492d34fdc4f55dedc
SHA256 89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62
SHA512 20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 a6b940462f26c2189d1f3db9191af3cd
SHA1 14195a51ce7cbce9d0af1b403d03a9a8dcdd8951
SHA256 01b15dc176377a6cdbb4f8228bde5bb883b20541913d8f33288aada703f57220
SHA512 ae2632a815caf55ffb3d5848aeccdc4330e1888ad9383ad09dffdb52422886de61e5a16e9e3406e0d3e1efb51dbd85e9ad35057098b3a377ddfba65c9986ef83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 bc0cd685752afe0c38084fbb5292ee98
SHA1 35194d4343252fe2c6947d62fd67457efb79d7ac
SHA256 7fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA512 34cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 ec7e9801c255ee11b5509c8a4a793041
SHA1 681929a599cbf132b3ef07c8299654b651fc73aa
SHA256 e49d976bb72a73a30adb5b9e4c50b16ae5c7e7d0af87c277ffd755fde78ebf72
SHA512 a7a60971af3326164975f64529f207127fd08d37df858600d19a40aa6f23e90aeb5f2ac383419151ba28931443121bb761ab8e5a7ca5adfe580b8e928ab83016

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 dbece240d7712a5fc82e2aea55c93670
SHA1 2a9b53f6cb42c9dd8da7f8547c6925d485c06939
SHA256 d9864f8e7573d10a96eeccea3830b27595c8e26406336b38496427ef7155c7d2
SHA512 ab69f913c2a822b95b69d4a1654432c1f0c35e2447ab110eebe65a9dab20908892228b44baacbac8ab90e5ab40e1f5869ea415381128fde787d5511832c13e8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2121b3187dace6302e72f19c24d2b54
SHA1 134c1023669c7c776661fa75190709078b460afa
SHA256 d6fcdaf1d662751cc6dd340b454a89a6adeb631e087e68b63c404e3027c14698
SHA512 b712962dcc8009d6ec2fa519513e7f4b523253a8a414177613b9b531132a1a399a7b82e866c901332e2cb4b9eac0a7323a8c8f799813e1c0845239ce1f6f9d03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97b0edac3fa6277d01436d07b91f1ce4
SHA1 3189f71dbf83ab0e783128531834f5746e5956f8
SHA256 9bf365ece088a2ec8d4d84e011688df22bb2cbf4d9691117e1ec48baac19a41f
SHA512 6eca9d6c7a8690cd3638cc6c8daa5298a9368aaec2cda13fe72f42518b52b5460291d4ae5001605437e6cbbb896df2a6e9b9d943a4ab05268ba737455eb73f42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9564f674c755df4cfee81808c82baa50
SHA1 c4c2b892dc2594958c04f6f16db1dff0ec5ca1b4
SHA256 f9adff7712393f782c5f7f368f8a18d826ac29dd585f01aa8c2f4d59ad2ef937
SHA512 055c6ed64f0240e73d27931bbf57a31cef7347cbb1d03f94d24915b6f992b6489a78c15841976644ab69915dc4869e904b9b409f16d8bab9e02550244fbb6197

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c29c4741f6eda74dba44aeb90718aba
SHA1 aa9823437ec5e7fe642e645c419a07bacd46c541
SHA256 9d1ed57bcb49c66de3e5abee6392c480432288488595ba736c1b806fb950352d
SHA512 0c3cb85b44b658c88df74844c1315c9ea7b2d6d8ad4085ed4c780be0cfac801fec3c2da235a9cba671f35768654e7e5705595ce7a5ff619eccff4594af71d235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50ad74b302792cd681db3497c8010840
SHA1 b155af9f25b372fc323530c57a3b8e98590da951
SHA256 0d8251f9d78955152a10457ebfe2bc44dfe9493b392ea5c7525e2b916959d077
SHA512 13af0921e83cf0b75a7b29e6f5944aa487c79ca461f872d1b65162c37efcff0466bc822d3d452060d84c0def1a89b4e72cfb0457ba4d78aba894c8c51fcc44c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c00b4fa5028948927bea50c2f3a1f0f0
SHA1 0aa2b9e7aa98413bb1c090d1134f527dab9eebde
SHA256 9d43ccdc8cf2cc18a0d9e37a5f3ebdfa596e3a4182d71eeddc38fdeb729e1d43
SHA512 c32eba04e1290b3e0210919c0d33220f7b1700e74c84192e923bb57a3e97cb6545efa33990f5575a67bd1a22596cf53e8e6e973fa7702aab7948db3756605b2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f44a505a3bdec781de4a26e4de2a3306
SHA1 afb20ce7107fb7149d8c952a5a709669c107f05d
SHA256 7d8b38e3b50a4307f9afe37a99120c6a54ed588a7bd3e1c074d034db382f7602
SHA512 3d8ef36f7a5ef88dcfe98911647275b9bf7f62a4a24316eb756e8b6c6414c25c99e047d9e98b6ead4df9032014c2da2e6cd3471bb76149f8b0b5b310a6401f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87a208659e96b031d4a135a852bba97a
SHA1 2ff9acfe51fe742c3f42796858c28aeb348fb4f6
SHA256 d5ca45b66cb507c1246d2f79d05ed3d20da24563bc7e7f9f4fb581eda20b972a
SHA512 4956a2757980e41bfe5a7db7c7450a1cd914ae10be91d2e7d4e4fbfdb581eace90c24a0487d2fe35b37054f40f338fc2cbcd12da6f89df1791e571fa13a7363a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba117d717ac8736e98d75012a33b1c2e
SHA1 5963bfb174afcee821c312103c60d8ceda2fd33a
SHA256 1164a938b36983e3b8328180a80333171c0989a7790826880a4a08d5367c13e4
SHA512 46f4340b8fbd84c661e102fd68f6d08c1fcd35c6a38443ca87ac1beeaec8f9962fced322e30964a5e722e83716eed7c3d3c2160baeb79ecc8a8fab68a221495b

memory/1900-856-0x0000000000E10000-0x0000000000E11000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f47e890b4447a4ffaef3ea52bdcd0bd7
SHA1 9ee3172de76a6579b4392c1d8e2162ce1f6d12b0
SHA256 993cb26ddcb4f560d0192a962cd11edc0298dbc861b5944961acfc587a991565
SHA512 b827ea7d27d114112ea927bafd81f2c2b5b35c17ba1872091c1f0d8f5e46d245dcb45e436b9bcea42a7f8e8ebc5dcdaa56a2620ee51b36d189cbe028a85da9ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_2084_OPCOVMCFWOFHJRKH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\11ada070-9552-4185-9a69-645435dedabe.tmp

MD5 7329e7520874ce67a3357ad17085a8be
SHA1 a43a41b1b7e03498af269ebf7b13c6ee3fff6fb8
SHA256 c7fa5b15301887571b753f7ed4b2ea215a220516f7db476eb8a72b338027584c
SHA512 7680df01b3aa0f925c7a2e8daf87601ec3450e5d67f4ba524c0b385aed79f5ccb595c847b0c510678096b9b034cc3d38a5a9d941957ea2c457c125908435e46a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\60224e87-d49d-463a-8634-782f316281a8.tmp

MD5 b04493e4542056d22fa46b90961491d1
SHA1 d3661b683bf07ea9af05761104bae3b724d98bb7
SHA256 412ae1392e8c42c36ff6a82a2972d3fd8525576efcf5e8dabd048be7dc0e0e42
SHA512 146220d79b195f41027b4eb86b5df9bcc2dd89463e7fb134e9e5bf69ba89bf27d9e7811bb2f696ae96967a8e5a02f775cfd203089b2a7523685aecd03642a117

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b079bb55d22cefcee13770880c1432cb
SHA1 8507ef101cc4471652dd88512990a9c1360559c3
SHA256 f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512 ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 b9565d5a0304ce8a3fb0b59f06c060f8
SHA1 43abf31e3d44259e855572060839089cf6e7ff8f
SHA256 86a831054d4b485ab7bc4235b9d98c46289538a29a73fedc4e3f9f3e8d437c50
SHA512 80b558b2fafa258417cf00ac29ba824325af30cdcfaf08fb041855b20b7e9cd6bd0aa18bee28c4d88b976e40dd22a4c026adecf46ae70277240ca1243133c069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 74940a414f56bac96d3205c2f8873ab8
SHA1 9de2c1b8bc8ce7d61f87e1c2749a92269386e843
SHA256 e42525d4d52b5589c0f62b0130bc369f4305bd721f5d9ea15497453f2d561582
SHA512 aade142066f09a5e9e29388838bce49c574855e34583d86836af231b1320aeb2b3f789f8a280df50c8553b796a0c4edcbd8678dd9debdd2b69160693de6d9fbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_5DF872FD70B73DFE5D4C6BC4C26F7C22

MD5 c5dfb5d4aa9a3a18b2bca1e28f99b773
SHA1 2320a2374e2303132c579a239c10c60d1186f66f
SHA256 bd6d8b901c6bab5ec83e8e8fa27d26980620320604f4267e51491f6dd149e836
SHA512 87f1e4141b0e4670014122bd590b74321bbc585565e41f56722651f39cc8ecba0fb81e4f61a8c67510dc18334d4d4da9f0199505677e56c75c28c93c40de16d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 fb908a10ac0c109f344b7c11dedc2ffd
SHA1 8af77beee499f2b26dbcbaa5ccbe49b33fbe1adc
SHA256 e66c3986512a7e8988bda191e407e2fb395603bc88d64c626b34b0fdae398642
SHA512 dbba53551eb1d128f6e754481221cd6085885211f566a75d4081087864d5b6213bfa8b062f80b10f8f788e0e82d3553dbe1bea055ade03214851cf575dbb4b95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 11e24aecbf057ab1e5ab561f62f81d12
SHA1 76aca34b98f32dca6e1de81bdd13bbf46f42030a
SHA256 0214100e7dafe675691b6e4502d58325eba05d51e50c346420b15d0fd6aed8ad
SHA512 8733bd8d7882133e0401743da98cc02d9e0a7df614329795c0cc813ce95908072cc53807075dca3f20c2f8e9ac6b522fe92c4a62b7a41307a6b4bb1f5de6b26b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 6adc5f22436ac1e80482b8b3327d4099
SHA1 7978fcb52879ee3ffbd083c0b2668a3342118b5d
SHA256 43f6df58c1e97c5dd083d810972586dddc2b511b35818092fdd4a09d554424b3
SHA512 5063f398d0256dc55e88fda9ab5ee1c3c6bc1808d96506ca6b086120b48e598416565e2506c9558ccf6daff5e39d41aef9c50e30bc6e9723c011d3af1f0ff00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 a672a3e47aa3f6742218d0f600060d40
SHA1 234fa2cabbcafe99af1d0e71bf8e637371e61fbe
SHA256 96fa93df8e60b69dd9e5ca7589b17932d14c7526ef8cbbd7dadcc2e02ab9323a
SHA512 045b04f7cdde13d3f6bc91193ef128da556146bf68bc03a25a77a95b0a08bb4d95359c0ffdef980a63096fed58ea496fdf1727223f0df3f6dee02ea764863590

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin

MD5 65cbce12f53f5921ab5d8588bf7551b4
SHA1 9e3eccf9242941407bed7900c2992f8a05ff9b3b
SHA256 f5f906dba1eaa1c8a25ec40399e634f9b2f85d6cdda5a5f343a4df97f621e0f7
SHA512 1db505926c78c4e3cf1e21aa22dcda3558e8a0704230453db3b5b033ec7a4a287aa73988a1d30060b3075afb41c626e6ef0c7866ba4107f52d23d63a3bfb54fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\9064fec7-2e4b-49f3-bd71-d552a41673f8

MD5 6b17783de65727e4575489600aae0181
SHA1 fcd6bb23ab1af2759f86a5d2090b4b65473e59dc
SHA256 0c6c09fc6702524a037b31785d499416a01f28137a77c81c5f4c7fe37d3a5587
SHA512 9ed22672438d68d83368b526539b29ed06bb00bd91f93d38fd2347438e6c8e625d2629501c58e7dfc21ad8f4dd3e9fc66a92b30e4c36ef8de39e69440e609050

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\580eadea-22ca-4808-b1bc-7736b71b8f03

MD5 11c2fba1c07a1ebfd4f50ce49298cb66
SHA1 88730a3971065f65627c1a32bff4ebfe4f7b4c1c
SHA256 ca70b509b08f3236f509cd0a43db187409033c44cc8fc41b75da2eb22768ec86
SHA512 f8836ccf46f65f92e5c20be3dc97a0c0a5fc2408d52ea601f00a2e78c174a336016a89485953d1a469df3f9f9a20f84916f5001d30e358541557100137137c3c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 830182a1d1f31138df0870f94d5658fd
SHA1 6ac5574e71672a8c5e13600d8b669e8d61674047
SHA256 89f2518b214c0fdfd7612ca69fed0244705ea6e71669ab8657b69e101a17d739
SHA512 1ad0e6566de996f732e09948d622d76f52ec6bcb3163c6f66912b8f9ccb25a8ec94b940b20a54df46d8204fa274d045bb8cf72f6abe5acbd9ba894870e4fdefa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2f7e11e24cdeb87e3b0c93737d5401ab
SHA1 fa31faed8d842ec5d0d4c8d920980060b9b17f37
SHA256 65c0076e232af1cbe0cc331e322142fd4f34b81aa36563a40f92cd1d772a70b4
SHA512 b59cfce866a14bb5c58d6a7d98d82fc25d990329634d6b66216a83eaaac8ac906ec3b68429aa20819bcaf96bc2087b1d3ba97a68d0c0df9b4de580f9bf2ffae2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7692ed.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 381c68efa0e0217aa9271e88f78944cf
SHA1 853fb5f05c5dbb5b821ec92bc28be9d9f9ddec2f
SHA256 8808fef04bb05c477c075a03558c95209124f6e3b3d5c7538689955a6a2a8a4c
SHA512 7428d565ba93fcc051cba8abe819b7d8f2912924d944a0e9d69092800f6c9b9e0c18f0d13c5970b7b412b57a109543d4bdbe628be6ae35334682a4c6b768c07a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\entries\DFF427F3036CB4FD84301A0F4A7459DEC961B2C3

MD5 070459e1f0e946872aa4dc9923d1347b
SHA1 ba825bf360e44f6659eba55494001097ebd23352
SHA256 7596795cb97b89735050d2484532f5dfe269ca83c0c764b28bb5eccf92dceb7a
SHA512 35053a468c6c146ae9be5e07f40fde013cebbb08b3af5642eca50904dfd808a4de9a0f7730efa9ec6e6ec34a4a69e11ee1639163f9dde30af0ba6d5542ff1978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1e4d764c89fd2152b010a44cf2c6c9a1
SHA1 d50656d7be5449edfbe2ce1f44abe4adb5240089
SHA256 c1129637899fd37f9ec0d45bd90d89ceacef4b5323a8c1bd8581e1a7f0564934
SHA512 4d80816c59499676c57b9379995812a6422c0027bc8ad585b9ac7c5d4a870e88fdb888fc5e83209860037ee04a7d22fac67d1a8b5a69fd163a8ff73386dcbc9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\78\{de5b9e29-6886-4a7a-9767-20be3df8e54e}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\idb\2625842845yCt7-%iCt7-%r8e5s8p5o.sqlite

MD5 2612c246037f2ca16516d92c907bb1b5
SHA1 0c83e544ca879cb5f5869a1e53184784b3f79a7e
SHA256 46f13121c917309cc165f55d4e3976b62fe65303885b82736c3755f34dbd763c
SHA512 cfea8ec0568b5b1e86019574b78d607f5d7fddcd0ada670113987ba035ee5552280a9181b0d576c061cbf9569deeef34393640abedcc3f834824a5477bea6ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 50081c8a04530d0a59660969efeace40
SHA1 16e787d1b9758aec095e197a7e50f92454adf571
SHA256 f311ef5454d95eb99c07dd385e78367cdcbcec3d0e6dd58b626d2bd0220ba2ed
SHA512 ef43883651db331dcf011b2e21f1dfba032de735ceb630e71f42945018f7dbbada723e1aa5b640b53ad631fbbd56b48bc726f2a3c62bcbc03929795df1bdf012

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a17a9f0e037706160439f26758741cf2
SHA1 f5740c3a37f90518a01a076c2784efbe9db9486b
SHA256 a68fa9b25564f7b3543e257c8c703e3664cf06cf0fec108688e46c3b3265ea49
SHA512 ea07ec557ec20f3b680610d307e1b8ed510c7279e5f8250b97a87538e1d967ce480172320596f122faa9122517157be8ee46c0263205031968ce11ee83d01be5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\219\{889c1ba5-00e0-4d1f-bfa5-6ba839b65ddb}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{a14b5d3c-9d04-4371-994c-9b5944c20dc7}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\248\{3ec77c69-3809-4643-8d46-a46056dd62f8}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{6b1a6e2c-b44f-4e21-b288-4061973d7959}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\storage\default\https+++www.youtube.com\cache\morgue\64\{c907e135-a8e7-40bf-81e4-60808b185c40}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 d3aa8bb6cb2c2d846cabdc89af209001
SHA1 d613761d3ffb03ee87251795bb59497a74342e70
SHA256 2f9eeb98e8f83cd99992828ea085c63b50e08161c0b2c233dc8f566183ab98cb
SHA512 871ee4b828ae7a9b9dadcce35a3e9e36ac953c5773bbdf0485ec9a0a17404ec3381ab489375d410d83c761e78ec958ac2e381c6cdd4d189be0c76c72d77b2acb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

MD5 c534e0895b16ad59e96877bcf5c908ea
SHA1 e1826df34ee25ae78f82db7d0aaf3dc59c0b032f
SHA256 2cc9a09dbc2800612e5ea0baa57c6f7c730bebdfedba460cc5ffd6a19d6e1f2a
SHA512 e5d0a8d18a134e3dcdbb122f12bd0a10548eba19f7521ec8fd46eaf79acd82f66d3c2f597c42ecafd7611fcaf87c1a28e2cf7681d783cca4b26b12a3b0917600

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e3c103d8cc31c62279bfefc29ce6580
SHA1 6cf104b6bb2114d7ddbfe6851de5fecc7a2d9b8e
SHA256 63925e67864bde731e8fa7406155db41b0dc219836052af6d3e849081e93aa12
SHA512 8db66ed577ffa0ff4962c32caa7f9d0fca24826915dcd06d94d20e3b50640e97e83f0c38275ec16eb43349423acc24ab4f29258f0753916793c72a8d1a418b79

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 d9d8a87563d95752cef161af33de4d5c
SHA1 daccbc5a703ad170365148bea6c7ddc80ac5fb52
SHA256 a3b8af63f04ae6f38f2091f6854ea4e9e3e3727c7e9044ee07c392b65e6d02c6
SHA512 19ffb60c66dd22477719f1fce8f1d425c984f45ac3ffaed0994d5dd59ec756fa0b685860a83c97530b231f5797cf1c2bb89439ce440d6c4a55a6ccb1781de8cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 0f3bc77ba2af2c4729e90445981545c4
SHA1 62477d1951e173c7abfe169485b0472d1883fba3
SHA256 86b04c9c44f6d5f0cfd863fcfae6dc58c2c60b682323277c25cb97899d559e52
SHA512 450b8508dd7c7caf9af23bee5538dc4e20bec256ed98e7f5bef4b0a78be8d3e6d9f38c0215f24487e0ed266f821029dcd672f3fe4fe540ad055872cf64f1f0b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 071cd2a658485a7c9919d113176e9334
SHA1 05f8c8af8bc1adbd5502df0c2df24090dcee4127
SHA256 c636585710b9d78587b24ae6165fd1fc817400fe312844eb81c6cc47aae62079
SHA512 6ace0e0914be669acd7ef5f09e6cebde586d9623e261ea1a652d85b39e134959060b74456ec4543185129117f692646634579080b9f7319db30b05747e2fc60a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 24dad37dc0d7c6887ba7e0c4a3e65778
SHA1 a96e7e90e53410c0e04f7e97e1c0c673b2e45ab5
SHA256 a3a055c82e227b4fc18d53e585b916c056651c3338ea05234fcaa8c8e059563a
SHA512 202ea9a7feb3eb298d543a4ffaafefdc53db27d81ba60b281fda0a8ebdf64b5bdc337b202c7a787f3752e71aa1ab84a5f9ecb04286859597dfcd481635e62e77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bf27a091121530bc134ccfb36374f11
SHA1 51043c66c16aa9633d6b5f33c943fe5e51769100
SHA256 d13adf6e7cee2f7875103c203c6531987f04b6b3c1d835a75d858d81abc39973
SHA512 2c4fb5858cebe4d3c860ff5e43dc06cd33e7e55c1d7485203f57b65253a23edcbb106c7348875ff26e9be88f278661e2de4fc58ae3eaae974a53e2aef2fe0224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5947198d4be8c7a726e0bf463703df5
SHA1 73700fd070e79ca0392b2fff4c44516fa91f8fcb
SHA256 8108f196930158b06b2e60f90f41bea70ea0f7548cfecc1e2556d91210cd261b
SHA512 2aa167d155895d535d7ab3d622f093ccc468eb6f57dea01bfd64cb3f52e545be18f212fc11bd4b298959970c7864b5a93cb34a76ebe96a387f7056c0a2a3817c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9117eae47ff935f83b657424e91ef5cd
SHA1 f051eb60f6e69c67d84164b66bd9c2cc35b23f65
SHA256 e0fd3251b258fd4d42fc72802cbb39031d195132d41f10529c78c15c5ca498eb
SHA512 770ab1b2ef1db88573eaeef10ee9e752be9e9e0a7a9be061731eb9deb4d93599fcfb9225abcd0fc98f414c97ee455999e1bb8d15a7bdc2809cecccbf5f604d1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 666e512936eb592e12c543d006eac3af
SHA1 d9e6cb5f8c098e5509468cef28c279a731d5a350
SHA256 a306564e16b66f875809affbfca1918cefc04d20fab81c2aed394b5e071833a4
SHA512 d055c0846be5f4839a074d48e54ea1995859a05a55b5df4b641352f71d44ba1081e2659760adcd1294fb1f420e85dc35c758828d70f346bb3c799f038d0dd468

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23fc659400d43c404c2743641ac5416a
SHA1 935096a71855d26b9e296149eee96a3d57b4859e
SHA256 ff752f35f545c1b4a0d94baefc560b502e24d72943d4680e8de038a21ece1391
SHA512 0277aeae731793cae8a983b12584245b65828f191ae923e308001c2b742c853dc16308c33aa8e0c22cc8a4f22d6207c9892a62d53237c42172db5b5c009960ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2c401d2ef7c012c769fa5545afb37a28
SHA1 51660d2754c8739f30ebac14866b5408bb9c21fb
SHA256 39fd040f013234e7c3d98ccd8d22d1f8db810ffb692d17c2ce9b5b2e1d3b1f47
SHA512 58e0333c87c56d9c3243f8bf7ad1556304f23a77b5b0331f2455000b34ae07dab85917f8a9b1679a96c71eb001b2dd051d807c5b15faf27df52ea5a3247010df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22f69ddef3a6f0aaab82d27a65d55c03
SHA1 ba5df203fb8c6b8acbf7fc53fd06a40c28c7ba07
SHA256 2ae11e9b805e4d716126aafe00038761be3a92baa017d8f9ddde1744d9230f50
SHA512 7d114d652094e3ee54b72459f99bb133a5a4062366efe6d34b02649d6beae75c18d0f5e3b0d288807fb35bf0259b9882d9a258820617befce360fce6976a9b7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cce19360c47e3e5050bfec83289c390b
SHA1 de46b32386e54ede92cfcd4238fdee33436e6f06
SHA256 1af657ed720e6e6b4f65309a4344e94e42fc5ab051fb7bd4f983d40b6fa215c4
SHA512 41ac16068b3cca9313fb966649a7ef3fca316d986d3aca1c7f5f2d0668f536902bb291ca8a4174d29aaac16886f5a6dadb92a97bbc1ad2b5b5638cf183b26623

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc3a7f967ccd3c5507dd8a405fc0c5dc
SHA1 9cb9efe3036e34c35f46861bd71d7f510a036399
SHA256 d63133ca0f2e7ceaa2c3fb07f9703b75732adb223315d3b7646ae1e52cfa392b
SHA512 1b7d71cd09be2b4a1da6d35dd2bf823f062d202c5caafff6600bcb11539832a1a3003360a983726a0ace8029a8bda3b100f2d453ea560586ff5bbc518e3ce414

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c6e23fe-c159-4deb-b066-d2ecb50e6e22.tmp

MD5 19c693a62c3dd314565ee692573684ea
SHA1 ae594aab5f947babcf1ba8aa63a51a2cd9a4d71c
SHA256 bd646d4fafc43bf8f6615e63cb86c9ae3274d34560bda7d676fdf8f49148aa0b
SHA512 900b34380246596667d8701907ea6c10529cc73f430b4b16d145dbc0e14cb8e52b6c9b5a99933776be9b0b0ff2713ed2c7c8822f023b0fb2db32e93badda3b8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 abf451889715b46b487ef818a8af968b
SHA1 4a7c0c830fa240ddf7a209de3af844061f484ce0
SHA256 9cf8477d0977f0d63b6cd9e7795d1119c521910210e591ccdb2b354d6bae810d
SHA512 e81498217b5e6e5b29b5504dc3128c9b8c51f30ea31c34b01e1c29b979b0904459c313736fe028e1b644c943525b5f2da4ede7aec1cb75746d16285c15a90a7e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

MD5 779999ffdd218709b788ca30f569f942
SHA1 c85fd2b0a0325af2ef81cc727840c47592d381b2
SHA256 95019bc9d96186d4f4b396e1027e6025d2dd93859fd8931378046819b8544c3c
SHA512 707e240915bb0f1b8bf7453d5cb679b428dcf419b80d4129dc02f32c96c413f3b56f96c64886a07b2b5fd803eb3a7892df7895e88a67fc28a28618f0758269aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 529be1c622305db329e44df7d187cb55
SHA1 f05df4054a37f7eec809db1fe0ad6275f1b26dea
SHA256 9e8766fe99923e6a5f6c60c860cef6059d5268b4a60f1ce3ee7530d30a5d7971
SHA512 3ab6b920932d08fef17064971c57e5fc97fdddd29dd3135027a5994d18d3a47c127cdaf7459d7299dfc1cab48d015b8b693b105622d41ce6ba83ae36dda2effb

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-08 14:13

Reported

2024-02-08 14:15

Platform

win10v2004-20231222-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{0FD8F040-6784-4AB8-AA4E-4FA685533048} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4936 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4364 wrote to memory of 5100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4364 wrote to memory of 5100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1892 wrote to memory of 2316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1892 wrote to memory of 2316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4624 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4624 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 2032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 2032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 396 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 396 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5036 wrote to memory of 672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5080 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5080 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4936 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2536 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4936 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4936 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4936 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4936 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 632 wrote to memory of 3200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe

"C:\Users\Admin\AppData\Local\Temp\6f03f3ff682552680db7f41ee435798515d912f835bfd2414497f7c4696b4d0b.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872cb46f8,0x7ff872cb4708,0x7ff872cb4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff872b59758,0x7ff872b59768,0x7ff872b59778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17254663473362198746,12864599545253221583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17254663473362198746,12864599545253221583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.0.314661441\1633284641" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28347de5-6862-4f52-a068-ac6aac28f403} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 1948 2471fad3458 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14367356817865792912,5112505091830390210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1381002622769039385,14607132708839179953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,4670473151218875384,3202919622405704573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7767544447826531879,8787749976462419712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.1.1488755937\300892264" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61985949-aba9-478e-a0b1-b9872c35a43d} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 2412 2471f9fa258 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.2.1886975951\1740955923" -childID 1 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {628aa123-ebd1-4a07-a46a-2c235bf29858} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 3676 2471fa5d058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1964,i,17543997026678859942,16642858509399112125,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4108 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=2016,i,15204940516550218081,6113586085116396287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2016,i,15204940516550218081,6113586085116396287,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1964,i,17543997026678859942,16642858509399112125,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4844 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.4.1000277387\1772031950" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3388 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77cb88d5-d832-4369-adfa-a026a1daf422} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 3796 24723d57a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.5.1234897093\323082234" -childID 4 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e37914e-4c4f-43be-8b58-4a1579772794} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 3908 24723d58f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.3.1362413824\1177523921" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3628 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de163ca6-bcbf-4be6-ab0c-4340f75c10d2} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 3348 24723d58c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.6.837655081\1512474189" -childID 5 -isForBrowser -prefsHandle 4776 -prefMapHandle 4784 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73854526-36a4-4ebb-a342-48d44abfbf4c} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 4796 24713062258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.7.1825309760\946299823" -childID 6 -isForBrowser -prefsHandle 5552 -prefMapHandle 5544 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26f97db-b3a9-4cad-9d9d-86fc6de8857a} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 5564 247267ad358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.9.1218105558\350584163" -childID 8 -isForBrowser -prefsHandle 5792 -prefMapHandle 5900 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca28da08-7ccc-4018-8b90-865630d80634} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 5684 24726885e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.8.1578165290\1865632026" -childID 7 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa20acea-97fb-43f7-91c5-f4a2e5671063} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 5784 24726885858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.10.2055356301\1659167652" -parentBuildID 20221007134813 -prefsHandle 6220 -prefMapHandle 6216 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d947331-fa6c-4524-82c0-e33e833fe707} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 6228 247272a0058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.11.952063665\156441223" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6380 -prefMapHandle 6376 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdeb1791-c10c-4ad4-87f2-b6c9edfc093f} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 6384 247272a0358 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3748.12.998830622\448371220" -childID 9 -isForBrowser -prefsHandle 6704 -prefMapHandle 6664 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {730142a5-89f4-420f-bcfc-f7704d26bdf4} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" 6716 247268c2d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x304

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6348 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18433712724531100610,9002131392392182834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 --field-trial-handle=2008,i,12362640298833000522,636950441209547162,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
GB 172.217.16.246:443 i.ytimg.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 52.10.159.154:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.16.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com udp
US 8.8.8.8:53 154.159.10.52.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.238:443 www3.l.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 172.217.16.246:443 i.ytimg.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 163.70.147.35:443 www.facebook.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
N/A 127.0.0.1:57579 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:57276 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ned.gvt1.com udp
GB 173.194.183.73:443 r4.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 73.183.194.173.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com udp
GB 172.217.16.228:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 12f5ea17522d20f57cfc7ed287507d1c
SHA1 683a34647d67a7f0db4b48c8e5ab2bd96b1ae58b
SHA256 25fe9a74a26f05364d78e4fef7962b5509f562c825da977bf6ee46a31e2392cb
SHA512 6ba3e8a3b7eb2fbd8edf13571a7a430b334dc86527eb4368ba3b8c2e7bcd24073cca99677ddffa633643046536bf7c7516076a9018f7b3c7c63a9f2a26de67c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e71d66ce903fcba6050e4b99b624fa7
SHA1 139d274762405b422eab698da8cc85f405922de5
SHA256 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA512 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bb2cdf82802bf69b297c9fae3fa48e85
SHA1 f26dbf7984929197238377b2b3e37f974447448d
SHA256 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7
SHA512 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\LOCAL\crashpad_4364_TGENESGRPRIONQRH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53a8ac9482ae8ba274bc0e0d5fe99d9a
SHA1 a05dccefedad3a5fbd163fe8c81e08dd53979005
SHA256 1e91db4cdd328614ffa2010ff8dc7e6480b735e10da3cd6d70e3c0432db314f8
SHA512 541925df61f149df06cbe274bf83817c266685891016e61eb5e561079bb1d5c19eb8494bc792aedb258d4b862b4f1d15f0c77b74f6861638d41559f62ead8409

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4982275b989e659b7393ff491063a6ba
SHA1 0db41579c881068be05eb00a6a3d4051335e57b7
SHA256 9a69c904d24643e111b0301363251d89ebd81e4e238240756ea3935c96a7be47
SHA512 ed0a221835dade61a447c646354fbe1893185d51739489d168626274263a6c34f0fc70ac0b85f67e05b1b94ff002a2c66708dcc2fb2b32c0150425c7e5e19910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d6991576cc5211afd6bc6dfc7ef7722
SHA1 ac178e8ed292a8c5e7cbec2e4e72d59c35832a93
SHA256 1a04d419e845b167ca7d42bca38efd4343101374fecd40b85448fc5a6234b70f
SHA512 d3839cae358388dc06251baef331c0e74737df6aa0d1a2882e4632873b9ccdbbbeec685ee38ee02276eef2066a12b12515a5bc084735d7246ddc6d465c682d10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 074d47f53433c170f71468a590146f77
SHA1 84db02d266e97a94e7320403f23d7dabdb97eed2
SHA256 d85b1ebd581a49ceff54d88204553ab6ae2f709af1dd2af01c97b7449744f876
SHA512 f3fc2b0c4a75bda08385f50805193abeee4986809d4aa8c80cb9c1191cc98714009d3e1c50549b9220fef75b20acb2a88a826e6f12bbb11d8ce79616a4fe0d38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b8570693cdcb9dadfd860daa63bcae4
SHA1 34441875ff98eca5c94d5c26c304caf7b6d3d7ac
SHA256 c69d61fbabd3f7dd50c2260708ec481eca2977fe3b5b2a8c9a246e58c2448954
SHA512 1afdb8cc7bd82ddb3cf06e38d9e2f34f7f35b013a1f7cb022c67567b027cb13beea665a0ccf71f86d96835953cbe813f528be2ac1ef4f6418ab564218e5a849d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ac1c1ad80b6549d461f231c330c7f33
SHA1 5aedbaa33ca90fd23c8e087c6932e210000dd502
SHA256 f3a2ece9488b51a3d9b706ca3224060679a6eb470db4acfc165b6f79b2f76ee3
SHA512 1ba31c2fd52e75e763774204f95b84c6e32c959c1ac55e24d5f7ba44e55f3840bbab656c673041b162653dece95930741d9ebf7514edac3dc4724d9acf965807

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7c46faca8acb2fcc6eaf83a0fe4e18c8
SHA1 7fd6c8a02333cfd55936bcd25f89ab9590f571d9
SHA256 3fd7c94fce9bc7e654856dabeed3df98b9b663720e8dba72b3a1b526bddfcd4a
SHA512 4a47d3a8e8fec3d8381e1975f93c1f5e58d0edf7e1e5b55ef84a9afb0430363af5225b7447537f6f5c300d6018d385894c050bf7177049bf39e946deff6d8d15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b6404e5fa9e67ec2c4b74651f0eed5dd
SHA1 8869ab3e3e8ec2ca478a0bb7292f0c0083ad8d06
SHA256 9b8d38c445b8ff3550d60df75bbc6affca9ebb66295b837ec68e08e39c84cc14
SHA512 706183d04f028b17bbdc26a1736f390dd6cddf53051905e020b5a9be7dee260ae09fdf6a213a673a863504f831d07e0b9b80f4ea95fe450bd6f7aabf9b9e8a40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\cb442c8f-1f17-46b5-bc66-ef53b5e0d1a6

MD5 1f5bc352ba9a90ef1fbf31e0ae7fd03c
SHA1 aeeb2cb10488b70da9d2df6f1d8651feec327526
SHA256 5daf0d92fb05358172597120e114d2bc386c3c9028a26648e2e902fa7724319f
SHA512 7651b114a39a8a719cfa80f3f21ef3c213b69d1321500b3ba6f55eaad0703c9f5aff82ef0020c5e2ba5871c2194540d6a41535a4e81c18d3d29a94b58b91b9a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\541dbc33-e8be-4c4d-8467-50df94d4e589

MD5 47d535d96ea1710ef35fff8af46366f2
SHA1 7544e58ebfe477d18c7cfc571797be1cd5514398
SHA256 a2d5884a64dbde6742c62f460b8775489493a2c5e5f39a15b1b1734d0ad8f7a0
SHA512 34231899627e109c85c2d540e04fb2d008c0986a8374d503f50e773e36a55ab08f7d531a141b4eb45032a8f0d7c0bef9ef7afceff7636c279445dc5286d3465c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin

MD5 66b46155d594ca35b1a67df871985008
SHA1 add9971e2a61b1eb1aed7a398e622338acd553c8
SHA256 6a237cff2b8bf0832eb11a5970fc8ee6d1800c7b1013db7c01ff2b825426e083
SHA512 ecf9c0ac4df863cadea57c4c4ac7e5edba9165dd8e322d45512c9f2af7fe8bcc44577a06532478b2318df34cd00c78e9435feeb88c25b3bbdd6630b1b4cd41b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 12073af823007ae20c7b3a14b70da94e
SHA1 6f38b90eb5ecd0ce2f3ecdbe9f18d7412e5298ce
SHA256 d00f5c773ce637e3514f0c74ef1d1ff11a371cc5be323fbef17acd3835e3c6e6
SHA512 91df4bf86a99a79e9e60f2db6a1107af73fafa273c9910adca1e804f63ee81970f5683b460e85c56fbab8230cd8d44e55c294b2cdd17f5ec61a31e900c3b9c38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

MD5 6cb8b0855f610c1c27f38e45453a4639
SHA1 16475cdb53c39d9d156e17185335031e3f2d96a6
SHA256 55952e6896b5bd5d15c54a8a1fb33311394b015def823927019298facfcb5fb7
SHA512 14f41fb8a3d463308a94347ac18c3d1be5c90a20799de97b8aaa003ff2c8286904364a600a063315760e4374a911eedd8407488b3078680dd952d835bec47328

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b9aefd9d7e49084d36e2f6e988e163be
SHA1 12231518be91ba65f940fe1a1ae8cf6d2d02dbd8
SHA256 7b00fcd1e3d513695fc538e3bb528882caed6121c424277fbf467e020783d332
SHA512 3e8cea191c6b259d144208d9844848f14f25d7dd209f913c99fcaaee8f14c8069a4b9a0959357edc3fff43eb298077afa92e03b78106a39fa2793ac242a69168

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 1f4e0b068463a82178ecb9462abe0d36
SHA1 a1c3f70daa1812e6f12f2677c8c1f2f0c35427f9
SHA256 cc0100930d1d6cabf566415bfac049c409933742b9bc5a9cc6797dc9f73bd950
SHA512 33659e4533025e6bc010d5383fdb9c4c93cecc1f15972f627e5fc6d1be5460a24e5e07412824d772b45290a400725f7fb6b6e9be192603001423a0414b3a1cd4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{ef9e59b8-562b-4708-a95b-7c067448d859}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71a266af3639ff4f59f195c98339637f
SHA1 5b1e898432f3c47ae79e68adcadacc71f89b059b
SHA256 1d8c25ce43df496f2d8c2025b2334a2aa4370fb7756889e594d1c07f72b37bd4
SHA512 dbbbc2ca00a54a50cf3648b7f9357e7ba8f37dfb77a98b5db28ccb2794ddb538ca6d7bc092fab71eac7d5f6b0cb02c6cee82598ed3b5393e246c577cb15f3af8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\idb\2358388971yCt7-%iCt7-%rae5sbp9o.sqlite

MD5 f150de8769eaca60af1963f786814703
SHA1 544c35bbd2d551b4099c0c09ccc6730ee04461e6
SHA256 c686f36a142e5e73da39880fbd4b966aab5d93eb1d3c0ac80bab6fe56b5af82f
SHA512 b2e29c8dd04b7f911113a43b92db5ed955bd9104f5b6d7ab8ebf2d207cb8e333340b8fa658a0a40cd7e80a8cb6376e2fd0594e9e4316160cb189e101bc904d68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c8ef232352dc1bee29b674a56d52d280
SHA1 390411ee39e5f0acc02953c3e60e9ae873f46f16
SHA256 d5d009861007669124c5cd6805c64de1c78b3c35edadf0b2cbcf5d70d81807ec
SHA512 26aa833487080b24f3b09926ca39a35b2e4e634875c5a277d376e397eb5ca01e67cbcc4cc80435e77a34100afcf39a5875f3d54e8b7fa25e7e7c0e457eb892bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f638a7bf33d9fd0285ce98e29566fe3d
SHA1 b3cbc1f42587f97199c7f197a446dd6af2926e7c
SHA256 77acbe36c97e721adcd12c164a4e7066ccf7f462c86786ebef24c84d382fc9d1
SHA512 daf5a23364623eac914c6648dbbba5ced25ff62a69ff2a927d2b5e7d9f3fae727cec842d8ba47b4245a8a758e5c68eaac9a911ccddd9a41d6746b08299a8199f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1b1b142e24215f033793d1311e24f6e6
SHA1 74e23cffbf03f3f0c430e6f4481e740c55a48587
SHA256 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1
SHA512 a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 85b2f70f7cca6ac183b1c48cb0198d98
SHA1 b9c226a60c83280f96ac76c3fcbfcb7547fbacf8
SHA256 c8cdeeebc42c8dd3140e12b64b94f1606d9960af22b6feaf834f4eadf8e1ea33
SHA512 79cb317cad7739b3f23988e3f430f8f9ebb4fb42a1fbb3c8672a835fd343c5588e6f912c2831909a1bf0729ddb2c820deed51d7dca050c303975230664570b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0eebcfd31d93c6618d3864ed614320ea
SHA1 982468b84e80e733a061b38fc3d248346396b466
SHA256 5e08caa01eb581970e849c9e02fcc851052184598ec29d7243a8ef95b73fe56c
SHA512 aa1a816fae7d34a80a95b738b5a73b908137d54ca718b944442fbe10cae336261101166277f509ee3358d8d70ff60c82006403a4120544ec3aac27e09bdd205c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a634ec79457404155372db1864e78526
SHA1 07240ec5cd6db5d870c7537d411214f9b9616436
SHA256 b5bb5e5603239e0e1889d205de2c5474609efa1a0a24a854b73dc3a4ab1a787c
SHA512 2a0bbc5cef93bb37e74ddb76b517befba5323cc8c4211db677d0b197b3833eb02a759fcf1201ec898dce5d68dfed3651d124d473ae8fce885f3198838c81004e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e404d7406b6b25ff193fc7269b92fd52
SHA1 6a02136cb3de07b970e1ba64df0b148f0df31dd6
SHA256 b40c483b6cdc7f83f646ebbf9ac45699285f8b68096f6451b99a9ea0a51ae59b
SHA512 046c1b06607619a7354391d9152d8a9b5ce990ee0b5e0587c088ea611856836d187ead6ff1289bbe663df191702e34bd7954194ce5950a6126b6f808bfd42bdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 2ba277bbbcc8715291613160a997cebd
SHA1 e64ee67165bbadd3b8bde989c3e5b1d2540cf09b
SHA256 00ffe000f78ae3c8c8d5557e3ab0089e29730ed10b2a190bd2b7a569812afd96
SHA512 c0f7840f181ad991c45ed1be0fcc0d90be100f8bbf36c54418ebe66f46d776652447eb5b7eaffbd2eb07c04455841d8e5d74f404eddf3c22daa34269d842435e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 46f142e67520a5d85e9e35459211a46d
SHA1 35e2f736216cca983b3f52c84217d041cce55860
SHA256 5ce498b437b99d3380211cceb192d422ab6de982b6e21d7e91a5e2ec164b799d
SHA512 a8e7ed170fa6db1c285214c8dc1ce0aaa724ad57df0d4e54f55a5b41c274ff7c5be7abfee8f5b65c0b79c84df611185284b928e1ef87a26225c7d25a49ee87ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 b0b439b7e0fda0d849a30b3e9fe5cdc0
SHA1 186bb36ea6aa4e966e536fff9df9a4c846addd79
SHA256 bad9c84267d924ac86be698bc10af250d433ff1855f8ca7f8f4efca2ef75594d
SHA512 8b5e4b3fabfb27e83c63a9b2c0e8eff431cd597714249fabe1ab6d3286955cba2b04adf48be76b72519fb08ffc36f840d53e53a1916c8cd20f9c618b47af40e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 d8e56edd91e6a8e254c9df3c3619f493
SHA1 e5bb299b458c95e5575da0a42ff7b49969b880b4
SHA256 8b598d7196aef8cb9eacf393e5b2520f5387f125552e1fefb6f373be30f64e97
SHA512 46d3bb6eeba235ed9e2621cf6bf89c10c78fbbee1bec31d59347532d9d242de4bb533911d0981d3c1af85a1d51226ca694ccbcef178adda1fb71e9634820027b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 57ae6558fd495a4c05692113c7315b1e
SHA1 edcf35929545ae68664779e0254b67e720e1a0b3
SHA256 fc01d1f63650df9b53e5ed7f8ad20f8ca46a194533f72ab431ce862d1f310b63
SHA512 51fe9f8eee096ecaec21a1b1ccc72ddefa178627cf8809daf12713c70edc075bd1b03f277a505b2357076a278afd11a4f853132d8fbae53361a36438fd8951f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b00186f3737eb9542d9650f9bbe92201
SHA1 4ca8eb728eaff8dd40e3180607b749931ca03b05
SHA256 a87de9c74c295b84c1bec6e87b88d2686d6523e54c71ecf04b5cb0f189a5c8bd
SHA512 76e9f710f658793216813da23d68b65c1fd6e909d1c38b8b3d9dfe96b1b6794c9b64b3adc06c7b4e910bc2630bea7f4a81b1da09fe2d48e29f520ca5e71ac256

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578c04.TMP

MD5 0a097c136a1ec59e526a4b7e397110e7
SHA1 4a5ae630baeed4ff114908695c79a61ec2e4cc5a
SHA256 a39af75f8450ddf7e12c58f3d7fb4b15a72ce447041e0581bb48dcb28145def4
SHA512 00e6d061eb38026adf1c715f56c88fd15cb54e9d9b8a38a2f6acfe80ede2e2f7e5c89fc0f7f99968597c694db43fa39f923e517972605fada42ea10d01b77dac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ff3b0b2f38e18095b011719b13285371
SHA1 4eb5077734d8caacba3a353c396b53a13182bc7d
SHA256 d6bccaed6a4cdec938175df3a580f14747d0ddbe80c34f673595480ffe7ca161
SHA512 c3d76044c0583f36e6ff3c9d8922a5e113164077c5b9c2a55aa778558e4c33596ffa4246f43fe49c09c0034ba51fe45244136d248a4c4f8c7c4d0a04a32ce128

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5080_317959157\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 55abcc758ea44e30cc6bf29a8e961169
SHA1 3b3717aeebb58d07f553c1813635eadb11fda264
SHA256 dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6
SHA512 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8b5073f29826829b64ddf4588d67660b
SHA1 99c67d4b2fc10c63b143efdbeed2a7fa2e5893a3
SHA256 a0d4b70af0aef948fa3b7d5170cf5c7189c65874a196b04bbcd294a8d6379a39
SHA512 3ca92392c2ea85383123ecf681779accdcaaf337652e9c57fbaebc2a896e84d2e9a41ccbaa67bfd659a0f716e072d49a39e888659445eadea7c5fa66413006bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d99c17a55cc84c90e36e7cdb22525606
SHA1 211eab7343fb8d994584a2c407fae7cdb4d52f02
SHA256 db969dab477629a4dcdd3b6ef8010ad8e2c5422d5e94823c5c4c727cb534069d
SHA512 10ba54c80150653135e46d2ef92842ab386a34fe91b0cfd823d2043718f0f757e1ef59a142d9d9cd6cdf90a04ae35b6ebad56d6caf2324075f8770d602f0ecd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f6fa0113991c965f624a6a3d24803902
SHA1 02b154251e3ee85aad608362aa1b2cb3c77181da
SHA256 1387add1106cc7350436f3a0718b6c8ed8d9eddaed982782d8f0452e1bcd9fea
SHA512 2ce535485607b84bd3b05010f41ec3735d87105e6e292b44040873416475f2d5cf7d5b2b3762e71e9e34aed9242e0f08c84642968204f2cb51321c53c6604ab0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a086.TMP

MD5 3f38aa9d46927759b734c0c6468a5c42
SHA1 b4cfca25358e773a914a8df6c2a60324e70dadcc
SHA256 db3b67dffa66510fd475d172697acd6bcb82a7f4e443a4cfc19c3fc934efb73f
SHA512 29317ac62de461ef38a23c2768d8d4c487ed3363a3c683afb0ace441aa9e14f879bfd871eba5b38b7422a3b09a93a335abf58771583bf7537d6547d08ad80992

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55dcd9896f03adbfcb5526b00bd85429
SHA1 d00214ddcc0607084238ba4d515f62b595772d91
SHA256 494293515f58353bb1401c837deb594b8b0e9f8d2890ad620d73a14335c66b75
SHA512 3ce662b7413c632005e7d64ab4755367f6785403fa8869f6a3db1a39e5fc388cc9e0c0b2220f890082df4454127eaf7319ab8542d200ea7c9057982039c8b7ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 df9105a2b9e9563f895dc35e9d2a97d6
SHA1 2e626af11b4ae2d05a9689fe41ced73aeb752303
SHA256 54f6b5b710d4b7c04410eaaeb5d449619edb3c270923cd5d63c9f0dc7a4bc581
SHA512 a68f4b0f3ca7a50356214aba64e64cea4c6b206b697588a9de5514c0e51e69d7b41c663997e5b724b076042b69e9f4d7a4d9fea9bc131c01eaaab9da4b78f561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dbbe560e-01c2-44c8-9553-8ee92ad10237\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e91b7bbbdd7a54f191976957bed7b2aa
SHA1 8b43522637cc4b0de55c783d83b0dcaefcf23e0f
SHA256 adc0f7469caf3be0e7f44a16143c097408d9fc6a2878c639b131c38c96330768
SHA512 3f7a602add89df5ccada7a2607cb94881f7b8abe6e4be840a9a4f4b8057ff126da5007a2e2cbacd46c24528657111063e41bc8038f70c0833530b1c17cec925f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 696e9d196e968c25d520a303cfc17fdc
SHA1 83c93d7cae3a387b5c80ee6b92a5adf5adf41ec6
SHA256 7900e59ce1e88e8ea312fc02672eed76675ec50ea143b49e1782ff80f80ef39f
SHA512 6fe34f7f12a7a8e0693f3791de7938a5babdf7c1afb53430eb5123595640ea50cf6837e88b92d12e3b3abbd14458611dd0ed562164e2ffd6fb652a3459b5c8c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 3b40598a735a304a93194868c712d563
SHA1 6ccfd7117bf97966c78900872119f749873e5347
SHA256 e8b23f654dc1dc41d425a7ba52885933403e1ee55867aa52f18b641e93a8cdd6
SHA512 4e159ca9cfb5ebe7af0e847923f82d4219a467121cb51be9a0f0f6a2345067e234df5ef51206e71c80e5727333a5917e0aa1ca2fbd7ba72f280b69fdb9acb3df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 4e08eee044c91ace0ad7a46cd9542a0a
SHA1 b542dc6b9818c8c1e07563d3656389c67b3ed5f7
SHA256 e5602fcd6ae093bef4648c93d192f79d4d6849d783096aecfdd2f53e3ad85982
SHA512 72851bad9b83bfff6a47141bd5ad47bf1a2fffc7c8c62e611606b06208f5daa3c52ff49f60945ae58884e22476069b99c7a7f44f1ea8d624cf2ad4f4227d3b59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 a11f43235511d2268358f55913f09b3b
SHA1 c64a6e8bad4549632f87f75ad7e7d0b5e2110a87
SHA256 61f6d19094d92151b137e28d88c2197281df956fefc419de23c70b6789ecf0ac
SHA512 76fd7e9a636be26124aaeff88abe5517abb0c37432b7d026daa788fea86fb6e6f8d12e4a66dc87374f150ca526eb2092ae62c74b9e48185abbe3335f2f3ea596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f2161aa5c8acb94153fc43fe24a3c8a7
SHA1 98c51bb6fb013624409bf583241bb0bf417a115a
SHA256 5da97860713e9dddfaa168abe6411eacfb122a2ebca0abe9d4862c1edf9e695d
SHA512 c551812d42747e0c9dfad3c8823f357eb8b991f2d9d3ccb653fc89e192b6f65512848086b43cb2ee23d577c44f5edf7c635d80a3f9c5f1e3a32d43e27b0a193b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c6b64ca3b1a1cb287d10bf7a50f51e92
SHA1 f8e750f0a52fa46643680ddde3718cb55a38e7d7
SHA256 d18cfd7249d92f04a437a5206c7c4be06adb69ce8d0768ee6756036d2d181256
SHA512 1cd9c7a86f698881135d7e041ef01ef1a033e51d385ce850174a346a5d40491bd62211aa7670bbaaabd7782595876c60751d4202be76d5641d722bf6bf5de23a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57db0e.TMP

MD5 0c9674b9be7ad2722e0ef627adda9f65
SHA1 e12c2da8f47bb429d5288dbed8cfa1905aeb26c4
SHA256 7eef70fad4a29f77cd8ad8a940eb1dbcc2c41ad74a336279a08a413f1c96d425
SHA512 e969b7dda82f61f42cfa413cd40a052bf1812ce8e0fc397cc82132bccd8f732af6e4caf09ccc56f65a378cbd515383ad5e3304ad211b96d23032deebd51ef363

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c81313bc1f9cd3cdb3a9d09ccb79971d
SHA1 8a0c98238f582dcc6c607077182ef4cb41c2a424
SHA256 2b260ce5c8289b9b2de755bfca113def07c2776249b699080e311ec70e1745b7
SHA512 65e59628ef1b035a303fbdce2cc61bf6a05991b28f3e1139b2e9cc24207cfb22a27bc2435cbb84a464f1f00e5f15af40061a260c544d5bffdb59f713667d891b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e8d547-af2b-4d97-ab09-47c45bf5521d\index-dir\the-real-index

MD5 a154629ecc8b76fd42d29caa440dac44
SHA1 379f4dbe59e5fa00cd7a801d2510071dae075d8a
SHA256 38ec7c87e30af75c034020d5aae85d04c2e0f39ffbe86879d16d3d804f5e66e3
SHA512 40c0ec1ab53da78221b94a0e06e144e2649be7e2fa79f456cfaf7acfa04b78d540c6ad0da54685cd9412f1b142d98f87b4d3969f9fba12d8711e04dab4a47b2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e8d547-af2b-4d97-ab09-47c45bf5521d\index-dir\the-real-index~RFe57e5cc.TMP

MD5 b183a3c0dc98684c9deb04007723ab33
SHA1 ab3b7443013e30f9f4fc3e52cc894a8abc726e3e
SHA256 923540b015b080e8b26d702886acffa3d154cffedc0ccae5bb913f271639aa21
SHA512 56088e2bbf8e937b56d2282b673161b9e2d5ad065ea490c870a51fa50a746fc8c8a18050f54055cad9b3c95e4fd5296abd899f43c28e22976847750333f4d690

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 425f5c53d577e106898ab2329476cc06
SHA1 f106145aa98509ea78cec41f7505c19bfd42cf57
SHA256 6b85473b783092ff12bef145cc46ac75635249b5f0d0964f3f7632cc64494337
SHA512 5c5231279a6051f731fac0b821b575cde876b8a16db70c117660d8b02e5d499eb265ec82db4fe3064974643a34f8ca8bd938a0663ccc9e866d2657145c030877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48b81e6fe043df3116d7dd7a7b1db7b3
SHA1 ea212f2f49ec31ed536098ba7961fc91dbbf0b97
SHA256 fa6292a9e1f79270266cd151e86193734b922e3bbb0ec45c8cb0f55dd838a5d8
SHA512 d7d62520069f9cac8a0fdaf62ae83c21317418d09fdf9ff36ec8487d148ab18c2391657c65564e8ecf0b02b9627948bac37a0101fd10fc7f221cd499e69a340e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 8717d8b2c21c9dcd612503ad1006d24e
SHA1 5902ce4b66fa3d9e21b8925b302984989b74b50c
SHA256 38d9ce0bb1038d73840c00559adb4a96140e6bc2ee29783444fca9dd17f6a297
SHA512 2a5e58719441a792c4a73bfa0b3341c62bb98076df2e5e11d5fc724dfa5a878e935e53f96d93aae5d1746e3231f730719a59ee745620cee8a1d55ef8fa3c3d84

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8ba402d7d1e33ade129b02db1f9a7c0b
SHA1 59fd10b99b56ce1aa78f33ba6102c2e6aec48749
SHA256 ec1546a4b28089933161762a948d15013d66ff59609ff1ef07f13a9248d65dbf
SHA512 200f849c9a1dae493866e115f454ccd09b351fa2cb2ed0953ec56bc82acf3ccec05a318c9109e931f22d60bc883786eb8cbf1fb1c731f8669b0e1ce6aef12fa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5803a5.TMP

MD5 fe5636118184863aa3aa0f7861dbccb8
SHA1 fc59cc3dbee25a5c83aa3a8cbd835631f811717c
SHA256 16eac8aee6d0812bbc68dfe213056e0822f53b67ded3dbd16d3a17ad205f9168
SHA512 d37d9756cc7676224cf1b3c2b630c672975d0a82a9e9d4943b66c76d78fe5a53cc52d40c2cccc7d0fe6598859f5c6cecbdf685ff51bc2223599200a2c0243185

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3a444c23047b8c1d05c561bc0ab5f1b
SHA1 06139c71b1deaf79bcdba6855c450583bf3b5544
SHA256 79c8051d811c220cfd31aa6fd8643e0a0b79cbb134183057451019ccc07dac88
SHA512 6ad90fd968e3872ae4682ba014f334b91a3c01031a5cc03dd68836fab9d5161f2a6547392634a469c7b13a1e1f01e2a9ba05063d60ba90b948dc023be5400744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 aac9daa9fbd0a896f415cb631da7f954
SHA1 94e7321a4d9cb4f42d662f5685a36920807c8c38
SHA256 c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715
SHA512 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 27a05b77e7bba6c2b279f1a67cd6acef
SHA1 3164de3d460475f745bba673aecd9f7d799d7509
SHA256 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83
SHA512 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49ee5c3a06372ea420ebcb80e037218a
SHA1 293a41daa24248f8dfa5c323f64da5f4ba1f1fc5
SHA256 96749deefa0dbe78d582fafade163ec9e36bed7a8e4994100417cc79251650be
SHA512 c513278c14d88e7bdc3cc245a313866b1e6222d1292f8a87212e19eec343ec497163621049d6bd5eb9da4fd88071f0a1dbaf64955e437cb41aa943704873c730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 8c8ea6f958bf23e2e70623b94a967a16
SHA1 ffab71601d5f43410d4499790dc119f2b3818019
SHA256 3445e16b3972c8080b7daa1ed3be37fef34c90146a195dbfe722d0a7c1e932e3
SHA512 b8c6590e6a4b52190244d3b30466cddd8c1527940f69bd1a48529c55341811c30e03fe5e03559d99ed3258ea448d320623c888c7415c994915f713a9b3649264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17e17f12196d7b467cb30c17b2f1f83a
SHA1 e2619e05194bb79a92619555c358868a5dd97408
SHA256 cb4f21c54daf68e2f26aa226efceb61a0951822dd1e4f7e190092b8c03385193
SHA512 7b614ca7b59e80bd2ac9470d90a9c84d63ff30f1da635be74d45f98a2a4691d6e50b00f275aadd148756515db3fc44e8f9c49f9adbe1628d87777bf9f5f6f362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 93f28d230ea1207cd1fc6459e946ac22
SHA1 4782fe37c35b318bb07da26d1b14bd9ae1d59fbe
SHA256 b4748e3618c138c901e66e2813edc836ffeeb6f0859d54e297dad85b8eae8c52
SHA512 2c110a039898a0e7c850b209cb21746137ce5e85584f774d4b1a57c4f3b5278bc7c71e5b0ae8edebde4bfa226bca3697858da36e77de3a15542e42fa8c7d001f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1ec95c9dc3305c57a77022f8f9436327
SHA1 c7c398485f6d4477d45e95f980cba18ba8a00f4b
SHA256 7298a19b980d2ef3393be806841e2665f7fd4fa8d5bc2e80924c9bc653ca7e03
SHA512 b99290c8afb891d9d2f5234027bac4976ac3c974b655f406e4ab4cac5c49e1bfa6f135f7198fa14add7d3d6a824da7b12499abce00381b43f74a9712f2fdc1e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ba1cd25e743108fed4479d8c7013137
SHA1 de13bbd9a72f82d3aaecf09ef7ec3c3798fb29a6
SHA256 26fcedfc9116bd71679962cfb51bfc6e1f1c138161113539e3bfed5f325f7734
SHA512 eaba43b1319d6deeab1a39ca78007991b23d1e067bdce278a0a67ea139ffa7483320f5cea9c6cdbafb46c3bdb8c9d7af8a2b1ebdcb146ec8062ace1cadb4fc80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4be048590d50232f5a4911e6b778ea0
SHA1 7476f20f4a9855164b41148a09a4dda6d5ccba0d
SHA256 7f1d1cf07223a71ac17db34a0722580eccca611c28296768f031a19b5785abce
SHA512 b5fbaac13e256ad9c9cef406e9f49d546abb6216c21ea5b71cb08ad1b271b1685a9b16caa445b562993591a07862b9916e3aa8aabe4f7814cb7a55a7cabf6949

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 23d1938a2e07be882abf225b3c878549
SHA1 8248e343da34c2eafebd2f510ae2359dc09f7472
SHA256 0483bbed77e646eb49af3e9925385e19ccff7819483629fe71d72088f91be3c3
SHA512 df274315006a58453acadae0c7aa79e1846d5e9ba4754d1ee1bc5ddfe0b6b2d4cd22a5adb02b508dcfc34e87e1af59423e3f1a4a538c97d7d014c85033c3ae60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8ac849add45f2301bfa0566fe58aaa82
SHA1 390e8cf960e6ff1490c5644fe29244b5f38f5b8c
SHA256 6dcbc485527ff02d2bb2469de3b550e52c7d316c7411b5a7b52f4280d0a6540e
SHA512 79dcff4e5229c24726cc9a02d76273552af43291c9b6f7a9c870b1d65a4139e363591b3ff5c67d82494f57fd201c8ee388a135f153828cc3e467d01a1c70bb20