Malware Analysis Report

2024-11-16 15:59

Sample ID 240211-h46jksfh47
Target tmp
SHA256 aa4f5f97a87fe0894df8eafd965b3ad85a75cbc5db4b97ab02a650008ba4c26c
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aa4f5f97a87fe0894df8eafd965b3ad85a75cbc5db4b97ab02a650008ba4c26c

Threat Level: Known bad

The file tmp was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-11 07:18

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-11 07:18

Reported

2024-02-11 07:21

Platform

win7-20231215-en

Max time kernel

39s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a1e197ba5cda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000d20a6f5d4585a4fe80fc18960fa4b7f565c12f88247085ef83afd6f054623cdb000000000e80000000020000200000008cd6adadcbcd74020b0802defcfad9c6dc80e309a9dea09f7fdb1a281a112f2d200000003363b8a6683d9fb153e9d4d5e8ef406da880eefcc93c1f30fb51c3d62555e88340000000ea7e926f79cd2f5c824246c9b30eefbfcabd4380baec9c5d3da4ef6747c3e8af8230cce23ad48b61268ad771fa416508810b5b4f758ea53ea54ed2e69970ba9e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1ED1E81-C8AD-11EE-88ED-46FAA8558A22} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1E5FA61-C8AD-11EE-88ED-46FAA8558A22} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000021114d5baf7d8601f74293923ad2a489b11fd7d76907644d6a27ff360550b1f2000000000e8000000002000020000000b38c8478b74eec27796bb12a57cb9a1ad3b2225feabf2afd5a811147ec16993c9000000093ebe8ff3eed14baebb674f7721f1364647466ae5c7dd484b14600d2c4152c1a41f26e47973964ce7c54955c5ea21e93d7ca75f03a3c4d40be3efea0880efb47dde191731ae3353ccb1670ec0f43e83484bdc92ca41f7f4b40db66cd15dda05d97b54b8f0492d629ee7eeac37c602ccd4c26605e5767cdbf2c82b64362a9ce99c16ab66a358fbf10f4f4dacc858b79a940000000e1fa9a9a401a8b05f794539560a4eea84afcfebfc94c58bbc2334140be5c3da8d2487c6b68578b5859eefc27f5d58ffc905f067eedf447e7aab8f8d987978763 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1EABD21-C8AD-11EE-88ED-46FAA8558A22} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2540 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1344 wrote to memory of 2052 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2052 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2052 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2052 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2160 wrote to memory of 2860 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2160 wrote to memory of 2860 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2160 wrote to memory of 2860 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2160 wrote to memory of 2860 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2040 wrote to memory of 2640 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2360 wrote to memory of 1704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2360 wrote to memory of 1704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2360 wrote to memory of 1704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2360 wrote to memory of 1704 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2540 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2204 wrote to memory of 2236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2204 wrote to memory of 2236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2204 wrote to memory of 2236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 884 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 884 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 884 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2540 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2540 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2540 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2540 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1380 wrote to memory of 1752 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6749758,0x7fef6749768,0x7fef6749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6749758,0x7fef6749768,0x7fef6749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6749758,0x7fef6749768,0x7fef6749778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.0.116829516\1113358432" -parentBuildID 20221007134813 -prefsHandle 1180 -prefMapHandle 1128 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e55bbdf9-b80a-4887-8360-d3d1ef655de3} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 1256 116d6158 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1376,i,11376687354707692137,2853048796184550505,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1304,i,794744645096369854,7843038141455180397,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1304,i,794744645096369854,7843038141455180397,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.1.1464066053\1248928972" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d832ad95-eba9-49d8-a35c-b4c3da44c70b} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 1548 3fc9b58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1376,i,11376687354707692137,2853048796184550505,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2356 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2296 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.2.1283159993\1761066262" -childID 1 -isForBrowser -prefsHandle 2052 -prefMapHandle 2044 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e113ce9f-ed0e-4b3f-b8a9-cb7eae33e687} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 2064 19e81e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3140 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1320 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3012 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.3.1970161195\706111561" -childID 2 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {542881d9-84ad-42b2-9a70-1c293bb086cf} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 2844 e61258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.4.792265616\1589055558" -childID 3 -isForBrowser -prefsHandle 3568 -prefMapHandle 3548 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9607d5-358e-46d0-ad71-62ddd3e7427c} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 3576 1d612d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.5.1125553556\1593352397" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3700 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3641235b-bbb7-416d-9480-747281d5e226} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 3824 1e4f5458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.6.2055006557\1350320483" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fecb93a5-e225-4eb0-9274-692aae5966fd} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 3920 1459e058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.7.1647373509\1450441855" -childID 6 -isForBrowser -prefsHandle 4228 -prefMapHandle 4268 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f23bf4e-2c52-476e-ada7-a079ee2d1519} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 4296 1e524c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.8.450377020\2044970526" -childID 7 -isForBrowser -prefsHandle 4408 -prefMapHandle 4412 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee735be-0675-4f37-9d22-fcea1aa67e40} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 4396 1e522858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.9.176103787\1042879128" -childID 8 -isForBrowser -prefsHandle 4588 -prefMapHandle 4592 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06cc7a44-112e-47ba-a059-5cd41419ecdb} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 4576 1e525558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.10.462405221\789726159" -parentBuildID 20221007134813 -prefsHandle 4744 -prefMapHandle 4448 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69de2451-513d-4b59-ad9d-650f64d3c466} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 4228 20f52658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.11.1429694850\1627610805" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4932 -prefMapHandle 4448 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f76bc1d-74a5-4bab-89fd-9c81105e8bb3} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 4944 20ff5858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1752.12.936434314\374621501" -childID 9 -isForBrowser -prefsHandle 5160 -prefMapHandle 4840 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f51abcc2-25e0-41a5-a2b4-1dfdb64bfc71} 1752 "\\.\pipe\gecko-crash-server-pipe.1752" 5172 1d611e58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4116 --field-trial-handle=1304,i,18322104852845096915,2336773999310374266,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 fbsbx.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 52.10.159.154:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 i.ytimg.com udp
N/A 127.0.0.1:50119 tcp
GB 142.250.200.22:443 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 172.217.16.228:443 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.180.14:443 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
N/A 127.0.0.1:50166 tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com udp

Files

memory/2540-0-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1EABD21-C8AD-11EE-88ED-46FAA8558A22}.dat

MD5 f9320a4d3646edcc23c2ebf758cdf542
SHA1 72231655624d98803ab065851218b8e1c72734fc
SHA256 2cd8cac1ce495bb389f5e53fde2f10fe05b3bdbc8aee5aa5fdcbb41e44bb4353
SHA512 d95d4520bb14f94c8ac0de289956c640e5c31cf97ca0bcfc5ef07154b4a53b96a1ecda7b92bbd2adfb2adb2ad8eb328201744c01802b854a6d6a61ec3a0a4397

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1F1E141-C8AD-11EE-88ED-46FAA8558A22}.dat

MD5 08ab1eb118676c8c6ce4beaa80fad61c
SHA1 3c57121fc643ec35fa3a7a1e2f72d32158d11daa
SHA256 51b40f58a4f66af6d1b3715407938ef13bdf248dd8fa76552e39c9415409d1fd
SHA512 63fd7e235856355223ae3e2352f0501a4aa5b618c8dfa7ad63b70ed6286b94793d25098d85ac829d3d56b945d066c08cfec174e4a44c171ec91b749f02230480

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1ED1E81-C8AD-11EE-88ED-46FAA8558A22}.dat

MD5 dd715fb28ce537e0f768fbb80daed55d
SHA1 c0f0efc277b3f3cc8f78b8117702aa48c34923e2
SHA256 d20fa0093333221a3f1df235b398582204b59c855c0642daca09df0b7c7f29fd
SHA512 cb3fe8b4a2de5ecf4f471c5b9f2cc3df131cedb1cb3b8bad3ed791bfef23ba03b8e2db729cbe8b1366705753aa1f40a06b034ee4bd6cfda53c27af21fa3f81c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1EABD21-C8AD-11EE-88ED-46FAA8558A22}.dat

MD5 117f9a582036c1fa70e39a03c1bdfeb3
SHA1 a4170d4e5d1a90e10f423d81efda82129596c629
SHA256 441b34e7c8700bdfe2dad50273a2718b642b358a38e1748410004d267903b0fe
SHA512 633c24f5b333897c7a3765cb072619a67486fa7b2b5256729d6d57d8230de057457eff9a242dd3065b144d13fe056c4598ddb98b2475adf376e0b31eecdc998b

C:\Users\Admin\AppData\Local\Temp\Cab48A5.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4960.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0d91a333b5df8d82806a7e6f269c51aa
SHA1 e2ac6effc138799f873f610c7afb6b60a6e170d2
SHA256 26bfcdbe862506996837b43fb666dfa2570c9865eb49b2af6e9bd52885153504
SHA512 51c394703b0058a4e7d809bb7c13be4ba887bf3380bb33f88c53cc3efdc9e944414d33a97b92f4e02577010408b628138cf3c0d095e88757731963a2622ec3f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cd1360fd23946c69d1aa873f634517d2
SHA1 5935ae3c1616d6cf21ba20062742e5482f325893
SHA256 54b9d9dd407075aa3243c7d9c788964d90ce81cdbc0150ef08d728536d0e0395
SHA512 ce6b0829953cdd633706165bfa27c26955a86316f257a3f564691850cf2d02004a8b758e975fefc3d28328fc6c7634dd6ebd2590c9d5ea51ca0d702a9283a96b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f7de055d0abf9860968bf178b42eb90
SHA1 8414fddbfbebbaa45b002be5e81287fc0a6cbf0e
SHA256 0987c23a6781499ba7a0371a38853f888d1ad46c8324fdef7c7635939ccc1ab8
SHA512 3b3a8e2baae5195e43a0e582df04a2fef0a1060c5b5e2debdd096e85247f618b340ad17ba35d16fa6280510e04ce41d0100f8b26e11937bb247abecf3407b4ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e125efb4124064e14f90a44685b76cf4
SHA1 64a24c924a8435056357e7c9a61e7501153149e6
SHA256 5b2e0d157b98afcf8a0570ffe0e563dbf37f3f710c3616854852bc959602069f
SHA512 34f85203d1e3f78d152c80e8fd3f14e8c619be906c415fe32dcb1597bdc814329e4466d63dccc7d86b5e383c744cae88d5adc8cbe823052fb50b52c05adf9fd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9982c553c67de2b1cf94250abe2626c7
SHA1 d711dd8a86e509725c5755b4d174e52e585824d4
SHA256 ec987748814f2de04e91dc484915c23a28360c58daa8a9542f63a2aff98c3e84
SHA512 6187834e0f9ac1adf0043f014ff26cc3c63858fd1691703b0e3fce0c1d6746334e76e820a6f4b417feae7bc67eca4f87675e0b688966313b8e5bf6ed54da142d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 264720d614b7a4933830585185e793af
SHA1 44b305b4d72223f04a507849c25b786134daf1c9
SHA256 2b756d855852857c631cf3b86cbf5dc3649967b930525255bddf824ebdd3d642
SHA512 4e3320dcb6662bc615420685c3ada67310cecaa6a6e45a4b36fed96ca33d76369148ceee298c81308955084cd577dbffe6f4963f1b60b43164ad9db0adb975b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 ea5ada203f97cb439cdb5bd9c6e5f257
SHA1 d9c30665894452ffe08ddbf647c275ab57034044
SHA256 292cf913a3620f03eba262b04283d395f0e80032b16ee22d801f1cdf42654284
SHA512 78aea105c9d536f52a18705996a55030436148e29606461f604cd27321ec3d420cb68906b9c34b8d9eae9ee4d57070c9c82b1d3e2bebfc529f327abd6051ec0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 18cfb78402273046f3d9335073899650
SHA1 ed8f28db9cdf53084780f61bbf760ba2aa63020c
SHA256 71683b90ea6bfa6c7a97a4877542aef93575d39ff811e2fc984a57cbd04da6b2
SHA512 0419126c88ac7a8d92afdd19d1fc13b08e57ba5a040022e8efcdb747d2b6cca35d61e847e8011efa85ec03323dff476b293e6f951ad7de3641d64cee100c7437

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 dc74d5c28d8e329fe81499aa0b794a1f
SHA1 3a4f18557584636643aead79a64b69c35dcbbe0d
SHA256 2c5e9069ce6b7b729bff5a882718f1f1a854d6e09aba18868a8e0ec445b20769
SHA512 6af35099134b0987cfeba7e5d8b32d9f388a09c98cc2be2f52c9bd172ac1fd0486b7f5614241cb54a09ccfe5c788b1d0b9e1d167795504ff62144f4f1f5ec8c8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SE2VUD3S.txt

MD5 7c9e6c1007b3b78038749e9f3352e5e6
SHA1 b849acf0366d1d45ad9942e22abb2132e867b7b8
SHA256 97103bfff000892116bfd29b6b192bfeaa3403e47726c4e0f0983dede14376f3
SHA512 1378ec7041e107f29f3db902714879ac6b79882ec3f1111a1d099425728b041f1ce99a34d1e0397a38aa19e7e3a506e628498df27392dc4362d034e23ce8b115

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 755f3a8a404037b67e86cab28e9d2f36
SHA1 7e563a94cba54c85357da24118dbdd0d93366626
SHA256 20f35c1c7737485dd0aceda770d3a6df9e2a1b94e5ae78f816d80ce9772f940b
SHA512 ae2164e517381443d6b4e6d1ac601e5fb304f822426f5a81aaee3385772745be50a12b63dd280ffdccf9d3fa7b1bae61bbc36a513b512c612ec5b8ed6d5c806d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KRAUPZM7\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 b0f8f56d89f8a423cacb98ecb1730072
SHA1 1df90c6c61733a9e649006d81b753bc2381aa482
SHA256 6bdea997f299caf60f57286f7904ad5ecf167117ae70d017f8264ed435bfe43f
SHA512 03b3bea003a7be992cb11696b2cbc47022f9c82c063309d26f8c0fba8b7b5370b00f7ebd7e986c5ff81b514fcd7c07a9c129bf3ec5f76dfa750786ea060844b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 34f9a286be647a6c0df072b2f6e182a5
SHA1 0ef0a28d7bc8f2aa5d32f639f0c3a6c0c21b9bf3
SHA256 1e7353c40e20d1ffe033d847e0d52ebf47043299cbe20948af8319e1e8f8cfcb
SHA512 995f1cebc1b225f3590dbdb8d56c3ba9e809a6f3352b261626e2c4faa71a902012bdb8813e9dd029bcd4a323a4f757b9c8817ab6fa43ba7af0c86341fcbb0b40

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 46f6f11ed12ea8f0fd78299bd369c4d8
SHA1 31350c2df3154fab399ad979db3d699d75dcc238
SHA256 cdd1cf30f12bf94151931aa659e6f2aee246bdec30c6ba8e1366b72d7d29f57d
SHA512 aac15381d64bc083fc905b5e0fe66e6ae0600f233d124c919d2fb267a5143dd41c1527d1a06cf2b340becf1b949caa529d5e427cce95b7c525151bb397748068

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\favicon[2].ico

MD5 b2ccd167c908a44e1dd69df79382286a
SHA1 d9349f1bdcf3c1556cd77ae1f0029475596342aa
SHA256 19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
SHA512 a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat

MD5 4d74232c20a87d6353f29caa3e69a052
SHA1 6b9c6b8bb9e6f62a7eacef0f0acb0800f0953a6a
SHA256 965135f26584b954c40c95af0ca41e3f0cece7004eb35235a2aa3a10b3713aca
SHA512 589784a2c04631e6da207b49543b1fa68ff0b04e45c9a062a0b3e0d2298b471c073b7f8df69f6268cfabcd5e493207ba16e53acc953e2bfa2dcd5b98867938cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdee5e24b814e464ddce0a92c58174ce
SHA1 b6386368e411975e487a160d6534396978ee7d04
SHA256 b0ad48068dc25097316ccd544581f1620dc7759b2d65026f2955c5cd24dd592f
SHA512 cc943cdbc4c42865d98a470f45e0513f3a6c379e4671b722221d29ec7796fa69c0d61d09f3f39d454db628ae4a6190567624536407004cbc7c3791b84e685b0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2bb403caefc9b836ad141e402febaac
SHA1 2327d9ccb80d5d98119ee0435a4ba4ade07715a1
SHA256 2a05674ddf920a64a5abfe911f73d26235a02e7d81bd1a6b89cc4701a10e66d0
SHA512 fcb10fd66558c400ec1a6cfc053fa6adad520fa3ff50f0baeaa892a8ccf2bbc3cf87542be93c043234dd0ba3f2cc061e8748580b340d35e7041ad0ed62561475

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40540949e232caf3ac85d4fca9a90e2e
SHA1 0540045c1bb3b0c2068c6cb53c68a13453c44256
SHA256 7aa653b1e2c61638a13389d8a59d18f877ba574b25fc8dab054418058e544bc5
SHA512 6f47901b7e46783b39bb1be59198ecfd3dda6662be5c4a3d4f7776f8e23178468afc149601b4a2c44c739db69d4a086dc2cbd9b59f33519674f0d6987f46d43d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca2bec885676ad1edc6b808aa14573d8
SHA1 da721c08af67a9aba62287e12c3821ef0bfdb5c6
SHA256 f43fd948535b69e8adcf8a8fafb3df63ab0f42c0918c97533cd8529a670c11fc
SHA512 62c10c2637f35452ad62dfb4eb415b50375d5e6508de604426320caa5240fcb49f861199cc2c126fa495fc5bcda6549bb9cd4a913c3c0050366db1abe5acae93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b646ea4494a962bc9ea07f2343a9a272
SHA1 5d0ee0ae6ce30e308572fe1ebfd73fcb52d1aa3b
SHA256 9e94889beb5bbfd772a5dfe59ce672b5c45d45e4be10980ed726ea084117a768
SHA512 bf0cd81ed36aac4c95901fa3860ca5d1017b2025cafb099679d9504f0fc1d02d33f2cf37725fb657fdc93e1f0dbf7d7aa5828a179976b25a5a40d5a59ad773fa

memory/2540-824-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 39ff684cd3d1d94c2fb6b46100f307d8
SHA1 132f5fb5a6dcae572dbd0ff97eb367dbbb9c87b5
SHA256 c872f03f360cd719310fd2303105d47b8ab815561280819e5fd03241e8029959
SHA512 419b717a78bfa29fc5f8d45515e1c50cbb2afb8702b5b152c9833c63b25f951a70eb0f2c7b32d6ea1ca747175753e853d62629ef51eddf91ea59072f6e8a0cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_884_GFZRLMIIQPCQECRC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3fbb8d2968c65c5f309a759dbd1e1479
SHA1 f66243077d3887a17baa709d9efa46e91770004c
SHA256 b287ef5df7675cb6d6affe9548a73e3d3cffb3208f2f3ed176a956a6dcaa0213
SHA512 7ef8b33bacb1a01be2cc836af94e5db2e14c998a33bde85dede54a74b7ffe78b8869be2d65b5f6f2d1abc2155a0ada6f85524090f4a59f0aff50e996a1955e88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\25aab900-f247-498d-bc82-93f688a41302.tmp

MD5 eef5382aaac9f698a98f93c77069a60c
SHA1 c3c749187fbdfcb180427a69cbffca707a1a921b
SHA256 d697e358e7e2b3588d472c56358cbf9e46b6c864f284ba0477a0113a8e15dcce
SHA512 e9ac31225d963a5db17d6c6575b9e7a420579ed1e22e444f71470a32d79e4771ad77b51c2cb5ba76df94606c22de3f88771c6014e9b83d9c8f256b26661d486d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 f6fa180730fa9374e435c281574ed0f3
SHA1 7cc5074419be2b9fbc70c49a8f2bc0f155e57654
SHA256 627cfc1d000c1f7f876e9109c2d3a1e71de4f98dbd1fcf076bdd6b2f34d2a737
SHA512 60e0b9499da4509da1da8975d44b065c5ebf1d8f74dd53ba028cb9d6ee621763b6305a1c9cb7bd0f77a6e7c7627f607763e0e3549121514f4c754548ff234d5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 22e6f27c464012835d7f3d75f65c693b
SHA1 fdf5bc60a6c2476f7d3aa3b629a62adef4b3c873
SHA256 6b0e03d5b184b25dca0b6c7036964d6b6ec4c0bc69753eeb555e597fe061291c
SHA512 211fe09f6b079c4666ccab5d3bbb3d7f85fd2f43cdde22c184c7db00c199429f942ab4b88f026f3fce278ab9e5304575ebbef4b0a405a27741ddb1a513d844b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 a44e4e99117a4d2c92f6d1a449d6a018
SHA1 6a292ade3b5d6ad8ee32687098fa356c60f995ac
SHA256 4ffd411eb62b93cce488ff8829754e16d9d2fb4601d9f1572e4ad84b28792d2f
SHA512 97cccc32d73e58f7d45d99f96d2abeea760912045e548a36efab52d32bfa2b7695907833941d924ab4d092031de03ad1a279ace22cd1d3880cb2bcc56e34c70c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_8680E35374FF33B4269EF1B5EA5FD8F1

MD5 846ffafa1baf46cca0e1497c54f14c69
SHA1 b8ac772dc309e365df96da7456dfed882f214749
SHA256 098114d2cf5df964104354d05171a60119cebb91518a0627f73d03770ab7737e
SHA512 3986e06ec49a1d1a35d1ee876217d73258f4157e7c405acb50358b35ad9236e9cdead379a8eeef50e8f41cc941dd1ef390b491909b45b846c659d769cf40cbe7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_8680E35374FF33B4269EF1B5EA5FD8F1

MD5 74c2bbf478466a02b03147a73bd6e070
SHA1 b03354104902bb1d6a8fcd2627f1587ab08efa42
SHA256 db420ab895e6f184869a8920b296e75457f016ac8ddaf4abfc7b97a8853ad149
SHA512 ee82623c40a682ccac5ecb5d4f0b0a53955f721eac4ce6e871a81970c0b4342c2661d6e6dfce9de41996751f8c32983677ceb9a96ba3adcf74ec26da79aed736

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_8CFD0F060456F65ABC9E95E41A1F781C

MD5 83d61d84f15fc94c0b50959ae469d809
SHA1 80a8726163ac867afbcff1f65f4e9baf1cdd136b
SHA256 482948ec6493556be51b398dff2715cbdb05d5a682d6d555ac27e56d17bb581f
SHA512 a9fd9c267e9149b87e39075c80192c4af0bb7bc02ff6cd6a869fb5f8f87603385aa15d76a9ff7a869d23190b049cdf5587078519af43faaf709e6a6214566dc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 caf4a3c6130cb18ab9cbcca0320c93b6
SHA1 36676bbd2e7ff38261f3137fd57ae6e481a1e1f3
SHA256 72f6856881233082576a1777b19b06525781bb0507719fdc7ffc273a52c82c8d
SHA512 a52e3794142b0fc2b913761ad80e01ae5fc35eb8bf76f28c6a21a733e52090cc6ccfcc94cc88104ede9fc733a5ec200040b25d68baa513eec36b020ac96c3ca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 1bfa80b83bf3652ed23f8ce160c7c7fc
SHA1 7daf50b21aaa7b31a5ef0dec9e269c3815debf84
SHA256 60e1041788cd8f4573bad94d7a43ea2b957fcdf9bb9b93847ef76b52fcb51969
SHA512 bfa47859a20d1669fe266a1666ca8c98c444fc4ac00a5b6e47be2b3573b749d5968a193649c16200a6102c9b6fc840d3b3d69059921c4a959b636894ba889d97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 d341f93f05b64d0f730e7bd533fe43b8
SHA1 93ed39178cd8302e98b7296f034d77f9a3eb88d1
SHA256 f4fbf801677bf6cc48421e2ddfe83c0f56046b682c250321bbd712892df99a04
SHA512 3b523693f20fe3c78d8897764781332f8587fe3dd3752c8224dde2a90c118fced91f20d592be3e93f7f3e1af82549875b2f493b7e401fbb4178da93920cbe6c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\67f3aa55-e2e8-4d94-afd6-98bdff8934e8

MD5 1f05cf95209d4da61c4859f0505d846c
SHA1 1877142b74911589600e23128696ad9409eed5b1
SHA256 b199f6ff7df6f64cd3ecdacc52503e6d674a9b1a82abf56672d36b7258595d11
SHA512 017c62a28e50a94b8743c5e3b6d4e16b7d0c9c162a9b668c69ac75ad09ca3ca78af6343646601a0c40963567c18a17de595d212d9836833728857318b24fcf52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

MD5 2ec6ad230a636dce2423d2c80517d764
SHA1 c54fed580ab256cb016868c3ad36b32bf874c17f
SHA256 1add36499408f96f65d0029d73ffa8cf493720ad8c6381d14c3637141f666add
SHA512 6a5ebee8fcc690ad38396e7e977b70c5f2f31f9f78bea53d862924fca9500cb80c14d5c019a478154d39b31bbc191f67911262620083cb5bbbd095bd9fbb75f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\e22f1950-8a10-4cd6-9db4-aaeddc46f36b

MD5 e70b2710bb7f9ca8bec97f425e6dbf96
SHA1 c68b0314dc6280bb337ba16d744f85330ec6597d
SHA256 e235bec4dfbeee206d6b0244de70141a6c195ffee14182cda7352857680e23c1
SHA512 aeb22aa2e02cdf845be3b15a6f32103d6e8108ffef01937c7e2eb1e3cde56b68afb5f33634f8aa59a81f55b141a1494c4d28cdb1cbc115dfffcef4a1cc6c6b69

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1a3730d2c03dc5dd6ca328fd31ffae25
SHA1 ea5ee0830758e5e374b9b6f4ea53c70e988fd1df
SHA256 012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579
SHA512 2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs.js

MD5 2878d54635682132492d61d0b543b075
SHA1 fd5fdc3a48f0f02a9e05935c6f4276f18bb3e568
SHA256 e6952699fe35dc3fc7e43216f638aa05bd54dabf00a5c04f1dbeee8c8e8fbc06
SHA512 79f6f8cb5b6cc6b1dfbd313e0ffcbce3ce71df44cd72bd5738738c18dde99d56ebf99c8880d39a977ff794b6a2e518ee6458183acb18113374bc62193c1359e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 f711392c607676d23be0d39cbda54866
SHA1 1e7976758340fa970e76c1bb655e3993575eda5c
SHA256 9259027d18eee22d0d5f6e6a2d4279c74bff85fab5769e3435161023b61fcd8d
SHA512 a8361bd477fe60b5694abcde0818effb658df786a2fdae5233557a12b67234cda07077778b8776244dbee065887269a73425aa02a481c8cb015419c5010cf248

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0358df86e8d9408c59b1327f6cf2ac84
SHA1 8f6ba693fdaf68e19ca36b3a0ff9f8a0abb5f22c
SHA256 c189eb7509a2ad44ac892640a8b14d2266b39419c6b0c87b41fc110cb605ff96
SHA512 5e8e826b619098fff7f6ed502bb1d0ea24f805055c8b87388cbc2d665e0ec8a96c9027ea965bb349c439f27bfe9f4d41032d460817e1e835e2aaf58d67eb254d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{d8b48809-bb2a-4dd2-9300-77a08ffe4af4}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\default\https+++www.youtube.com\idb\1431426773yCt7-%iCt7-%r6efs8p9o.sqlite

MD5 a528ef353d85454c09f5d4c32152f202
SHA1 675acce4ddcc67c64d7dcb8c8f465a5a39d09c51
SHA256 c59eedc2c366159327c9d29bc4e271d956b23b88e2d08bcccd26d530800c56ee
SHA512 ebda40285b3e6d6d216f9fccb3bfa83c1fee12333ca2cf907756bdd43def851bd0ca85ae352abda1dcbf20e149b4adf765e1d8bbcb41a8601f0656a41efd3828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e753.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b3b61b2a6ee2e923573ded8aa2c7eb7
SHA1 06c7fa0d6ec55343b560338ff50202a704d201a6
SHA256 1dc967c20e876ca2be7f74bbb2866ada3e400cae20e850b0081320451aa33cb9
SHA512 803677edb877f6bad0ab52d6090f9400eb15468150629072a2e616183a04ae0e414fcf86cd3adbc63fae5638af8a3c8338d8283e8d1ec0c0ecd9fec9e9ddc838

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6925107c3d931d9f26182164583a2608
SHA1 8551d9146842778d97b8fbfcaa0f534c6a9dbc5f
SHA256 d6f43ab41bf6aa2e405679a86a4939a106f2ab84a2123680306c887cd8a1fe03
SHA512 7333b592d13ba047398081f86870bc85a6ce5186d35f4564e31fe51027b6511737a250201ec3c8945c54100084260c1c80c0e9da69a72a4e23ce7a56007f7be1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e6700ac12276891b7568db39cad292d5
SHA1 6644ff2b11044276de6b4ee1b1886c3ecd215ba7
SHA256 46fd940cbc878d6244f6bcba222ba0840a9281f651b53f00f3de19dc6166490c
SHA512 aa1b5e4b841e3d44e0d06f12ae344e10e1d25c181e087c1e06846ed1791150f115eba832322e4a16e957227216a6d17f43be01b47b860c3201a2822a296f3253

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0daa433e2b05c4a791ae503439ca779d
SHA1 0e342a1eec7906643257c88816cd0bf93dc8f587
SHA256 9522210f19eeee93643f03471c1c9d8b2712f5b2bc5da7492f427a6b86f3532a
SHA512 b208f944dcf828c55cfbdd2db40e1c4ba273d0b654cd1746c4eebf5c7dbb7e212c237734043e8babf6d80fba8b931ee914a975c7be56a886ee612078fb8306eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 6eadc0d6dd520cab2d1faa43d3fbeb3c
SHA1 3b203e4d7c3709ab4aa847c8ca9fd36d8f358e37
SHA256 c4c9094c4d299bd46d032c33b32684dbff5bdf885ae486322019b5204d188790
SHA512 f076459919361056f87be9d36dc7060c54e01c00d903e9a09cef1931a68735544916a02475441641ea973e8d1efe5896a3a5a9412726595ae271ed986cec26c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

MD5 246cb7b4cf2536489690e5665943e596
SHA1 757bd1898dccb1ce253a81024cc4cbc34be24063
SHA256 40e3d2f51e6febef34d9f08f3302694eb7d6d94fc65cb798196fdd3bcbb79a9f
SHA512 d0ba1b8e7d00113039f790f431e23fbd47e01cde7b6f829a6988230201eb43682160d88e063aaef93c57efbe6c4bb1f0710fff657dfa73629dcb241c34242c47

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0221ae700d5e18f88b217e10b8d30a7
SHA1 f5bd44f67f4a142c1d511dc7853621f495ee6b04
SHA256 205b838c4eec008bfefd2852d88b453a09958a6f407d5e9aec88526a799b2f82
SHA512 05e8c03c66d611632f30aa75b139633ed7df609a83b887a276452d0e2b3d86a40ed57187b3f22799cbccb780ddecf2ca41207c10d843b070701b989c2fdd3141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3b1ff824b9b90900c3b1692baf0738f
SHA1 871ddee070f8ffe8ce4b7bf8ea3af855aae3172f
SHA256 6addbe652cc7a3b2c5c18e60573997ca38158a5cd08c11a87ff9cb54b1dcc5dc
SHA512 1d799845bed1f43c9a66f1532a90e1a109444ea1a89d13a51633dbb7af1a61c93f263e401789533af8074949044e1e18dc5ba87dc3fabce1857e2dd388b8c10e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8fcd6e18be095b2112339f48a862b26c
SHA1 bf12f904b85f454214d0ff403db2c81c1a4407b7
SHA256 7b446d1e306797372b23ffa170b584525be9be332a3a5c8cdbf65f8e442bf0fb
SHA512 180fd457b71a1b6eb31c4da6721272721b5d1ad9da783125091cb24063a45c6333650e81bcbc1ef45b1cff17609a54b1d96aa095c74d30fccf71d72a2fd65605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d272308ab321de67382832565182ff7c
SHA1 3b69458eeb05bf8aebb3139ac9ed41d08cd7c14d
SHA256 4d61504e244f4ab16bc71de06b8c0d4b0850e1eb2ab16ddf34efa73a7b45d457
SHA512 9c57354ec7476a4a0a639e937bd949845623fbeea468c4d8f760cf1d95543b12a8fce93654229b7ca6e6986dd57fe91282309797d34da490c97ffd519e0677a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d82ddbd9bee7fd1bc65d86f7b31a2fd3
SHA1 6fa4b9d33e0f1b30e7b4ca62f2a24563e9e2bf03
SHA256 fc419f6241eac0300ed0c394ea3b59b52813fbb5abf5b9dc4226dab2effd3589
SHA512 6c387d33a9a04410875db8a3679b4ff851b735d46cd5b92441d7edb95981bc9e5bd5d9a11c4d7a5167257222fdff5952308934114cf1b996b6abc50c923c3059

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

MD5 dfa970bfc440771630d7c9dd3ff32c7d
SHA1 6d3f234d698aedb85a87fc754664a9f23230d219
SHA256 1fc0ed482d774ff07241e48a1a8f3d5df2c71a4108baab661e92aabc577f786e
SHA512 c96417ff9a6fd2276ed27c0811114ab0f16ceaa1f6f7a745456eddd884aacddbbbc6a74e8311e9817a9011c757984f0ea6d8c20b48415215e4457921b6b05432

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7a068078112ae0f23e341bf3a608399
SHA1 5576d2927873fefe48bb2d27dd8cc53e417dffc2
SHA256 c42b87e1dc843ffc55d0204cd347089e324178ecd044e05c0a8d6b59c8e91d97
SHA512 79d0dd67cd4d67139de7c0c4b372c6e434e0c42ebd6e01a4a1845c986ab2a30211ec743f2a3410d035b3cc1f7be5216dd871e6b82a84550181d7dd8c7eb33b09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\df8347e8-d5a3-480f-87a2-b24b743585bc.tmp

MD5 eca63c1b0246b80a3548fe99a7cee4b1
SHA1 882584b2e5611252b3db6c8a337c959ba0d75c0f
SHA256 e611f4d1129a0bf6fbb6b498ebddc707f274fcd1e6dc1d1cb77c253be444d6d9
SHA512 8483af238c718bb9f48e83d44ea2dda6d82c7bb158a665013da936c91d59f74d8598c5a75bcab257ba2bde9aa974bd0c03344d6667be1005fbe6c9148ab4b0af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99f56cb35efa35e1791290c631f1bdb3
SHA1 aebd47cd3c3169f88d01b109daec53f9d87ff111
SHA256 cec89cbc664281bfc7f5cfb6f1ffc8e6056fce50e92304cd3e0f047980928038
SHA512 26e1530f533cddc91b0898a8f8f573e23d9cbca46da8582fd225e67b36a799669b371a8891639d368e6e8cab17de7b07d7d90c20baa4be3ae8a76c4515e52b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b7354a27383a7aab595351f2470dfc83
SHA1 a27e6f666b3384064a41eec76f698b7d235c566c
SHA256 9a41f36f3b4425f59eb86c05cfaf9ce34774ed91919842e62f366b516602b784
SHA512 e8c32cac8f83db734fe228284e42827495943c49db4662f73333c34a9b507bff701cdbf47ba8867e5e7d4f22007daa90db916f6fb04c0f39ae29b79946fcf3bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85d07fb76c9a01377940d5c273b17eb4
SHA1 9a2c9acfbc4024da78f30793fd0759c7d93e879d
SHA256 62d7a911b9f2aea5dfea795630fe03cfcb3ef38c6bb907e9e0c603d4f94388e0
SHA512 f52e01a87f153f4a7e806fda2445fcf50c4fada01b63ee2a770e427b5ac727679dba4c9271b8ca776b3e187b22fe1f8054aeb0baba983db7daa0b743efd1b289

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34c70a5d7deecc25fcc70a189ac499d3
SHA1 e55e0ceeae013a4f58a95f45baa3dee07218b9ae
SHA256 5d7bf4e07b5f3bd23b7727448fbe50451a1ce2bc6ba363ce828cb91e13054911
SHA512 f9421ecc394e03d23c5a3451039e2769f008943874346d6f2189b5ff997b3055e2a7a479e4047fc712329ee92cbdc14e25285e7b38f2baef93f7380cca215af7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a24c1655114d2fdb025faf7cac7190ed
SHA1 9bcb312406ff383e6a06915bda2eb40850ff6051
SHA256 ef84bf7f2af842033c36db2f65e15d030ee8c90dbee33a0cc8d70e1948582932
SHA512 fddeb8bb59f1abd9f2a0d3b3610b1ce58b5c486f574234c76d520cb364d8616f49405d43b3f06d24b2fe8e3dd0185740a4607769717ec5c3be306dfbb93e1886

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 e3ba63bf8e923d650b37097ce8d43c5c
SHA1 690a297bb8b8a7c43e72ee327074126c03c65776
SHA256 e7cf67b2ed63910d04a4fd1fcd52cdac5eded7793c73852b2c2b4c3c95eedc26
SHA512 2e0c9d512f33573b952ca139dde0ffaf6e9855337ce50c9f226ac24fb2a1c2742db5136dfff1d8332ef09bb5ed847c15d034a6070bb0dba4646cf69c307c5985

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 30abb44d9151ddceb41bb73a8cc05c6a
SHA1 b6e6344793dd5788f7682463929cc4c1d1b61542
SHA256 66a4f1dcb982aa8ab30330324596e495b7b90b67b0ebf31e15871d3d25c27942
SHA512 1c2443788c5deeb167ae9396fe02cc4d6a14f7585f2992eda20ba461a1462dfad42dfef5c9cc7ba5d2151b36dcf695d5a802a4b4001b07171c77ef7093f5aa5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fa94272f7acaceb12d9fe9d5d45742f
SHA1 1092e7a0ad28befe3693d74f038692774eee0810
SHA256 827b244d41ededbd631bf4d7bd6381ad313543044cb8c373cf152cdb64d1aa17
SHA512 7940830ecfe779eaf73c9df83bbd1e42253c529c0413ec31760b319d575be4b2496270a6f1313e97f59e24f0e89cb7966cdacd921a04da31ad3d434f73dccdcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 633719be6a509a4f3403070df98f7f03
SHA1 99edf06cf6ba338f84b02c3916379b06faa9851d
SHA256 3c324ce78073d19196a2dd22a8dcc822c1e410f60bb6a1cf9dff08945f369e92
SHA512 427dddd82864f658d2cc88766bb7a4d73814265b2d8be33b739d76b5b4d8e022086e7c8845317070116f8b590b715e8093b3e462c629930fb3bd50c828cc3743

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-11 07:18

Reported

2024-02-11 07:21

Platform

win10v2004-20231222-en

Max time kernel

149s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{AAAEF1E0-5598-4F7A-B0F3-DE4A00EA7293} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{60163140-0681-45C6-A4B3-697B2626B30F} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4204 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4040 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 808 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 808 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4872 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4872 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4204 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 1512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2228 wrote to memory of 1512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 980 wrote to memory of 816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 980 wrote to memory of 816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4512 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4512 wrote to memory of 396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2980 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd9bf46f8,0x7ffbd9bf4708,0x7ffbd9bf4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9a99758,0x7ffbd9a99768,0x7ffbd9a99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd9a99758,0x7ffbd9a99768,0x7ffbd9a99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10542456651614413656,16376778385298085070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10542456651614413656,16376778385298085070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd9a99758,0x7ffbd9a99768,0x7ffbd9a99778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,13814935804334660180,11872261570909080137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,1062045862241226249,4226387466809240294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.0.387251103\46112763" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a2f482b-2d5b-4666-947e-f87ed24727b7} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 1972 1a9e7dd7158 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1348292996005580519,12641109242574360849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.1.1218583355\1971575711" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3954628a-70fb-4209-b488-636ccbc55877} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 2440 1a9db0d9758 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.2.993775359\1593112811" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3048 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac8c79b3-41ce-4857-80bc-6c1602178d78} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 2960 1a9eb566358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1948,i,1969687728842016329,13678524439208035510,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1944,i,2321045418667079345,12531212503973530771,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1944,i,2321045418667079345,12531212503973530771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.5.1838112073\2009363482" -childID 4 -isForBrowser -prefsHandle 2972 -prefMapHandle 3376 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c69e4a1-1d43-4013-95e5-93e479654026} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3644 1a9ec104d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.4.1238556498\621102083" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {184f7e22-a320-4b77-b88a-844b4da85114} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3752 1a9ec103b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.3.69879076\1309494268" -childID 2 -isForBrowser -prefsHandle 3284 -prefMapHandle 3156 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8f973a-bb1a-45e7-acbb-63325dd53946} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 3588 1a9ec106558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3856 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1948,i,1969687728842016329,13678524439208035510,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5064 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4936 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.6.422965588\1296334132" -childID 5 -isForBrowser -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c476a1a5-9837-4585-a2a4-010b71d950f4} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 4584 1a9ed1bac58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6648 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x41c 0x514

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.8.351641981\588396511" -childID 7 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {434e1fdb-2a9a-4aa0-8c14-e16052ef39c0} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5496 1a9eeab2458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.9.1727254983\1616958037" -childID 8 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {308335f2-8ba5-411c-85e9-a185e5692574} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5816 1a9eeab3058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.7.472694003\2017327547" -childID 6 -isForBrowser -prefsHandle 5512 -prefMapHandle 5556 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63cc14a5-1a63-48d1-b158-e70a113d756e} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 5528 1a9ee755858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.10.2135516660\722590068" -childID 9 -isForBrowser -prefsHandle 6048 -prefMapHandle 6052 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f1fa9a-113b-41b4-9324-6a644ef4904b} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 6040 1a9eecbd358 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.11.508065319\1200401138" -parentBuildID 20221007134813 -prefsHandle 6368 -prefMapHandle 6372 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23cf3120-a5d0-4ad2-8045-778799c94f76} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 6380 1a9eecbc158 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.12.532977223\1540998244" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6472 -prefMapHandle 6468 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9290fe92-a9b8-4103-a838-e7e56af4e5b0} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 6452 1a9ef00df58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4844.13.1882771660\1551314761" -childID 10 -isForBrowser -prefsHandle 6792 -prefMapHandle 6828 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed2d48a6-5123-47b9-8703-e48e3030a12f} 4844 "\\.\pipe\gecko-crash-server-pipe.4844" 6840 1a9eee86658 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5628 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5780 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16098247225946738897,16626704996065621079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1904,i,8852726511053928878,4630583984188920504,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
GB 142.250.180.14:443 www.youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 224.0.0.251:5353 udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 82.167.227.44.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-q4fl6nsr.googlevideo.com udp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-q4fl6nsr.googlevideo.com udp
US 8.8.8.8:53 199.131.217.172.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-q4fl6nsr.googlevideo.com udp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 172.217.131.199:443 rr2---sn-q4fl6nsr.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
N/A 127.0.0.1:53568 tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 ponf.linkedin.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 144.2.9.1:443 ponf.linkedin.com tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
US 8.8.8.8:53 platform.linkedin.com udp
US 152.199.22.144:443 platform.linkedin.com tcp
US 8.8.8.8:53 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
US 8.8.8.8:53 144.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 127.144.250.142.in-addr.arpa udp
N/A 127.0.0.1:55856 tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 7.133.217.172.in-addr.arpa udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 12f5ea17522d20f57cfc7ed287507d1c
SHA1 683a34647d67a7f0db4b48c8e5ab2bd96b1ae58b
SHA256 25fe9a74a26f05364d78e4fef7962b5509f562c825da977bf6ee46a31e2392cb
SHA512 6ba3e8a3b7eb2fbd8edf13571a7a430b334dc86527eb4368ba3b8c2e7bcd24073cca99677ddffa633643046536bf7c7516076a9018f7b3c7c63a9f2a26de67c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e71d66ce903fcba6050e4b99b624fa7
SHA1 139d274762405b422eab698da8cc85f405922de5
SHA256 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA512 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

\??\pipe\LOCAL\crashpad_2980_DTAWRFTQEUPGYAUC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bb2cdf82802bf69b297c9fae3fa48e85
SHA1 f26dbf7984929197238377b2b3e37f974447448d
SHA256 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7
SHA512 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ae98e38a-19c5-44c2-9ed7-328609a94e21.tmp

MD5 85b80b2cb42412ced5029bccb3bb282c
SHA1 899e6862bcc986f0164e41121d70c2e7f7f09f8e
SHA256 ada782538f5555b8c0afe8dfb7aae3b870998cee8753c528be94c9875809688b
SHA512 d0a57607bd48fa8e44c3aa5b95434e202afce2063ba4459472f31b1f351b99e1d2a8c50271bef9d59f1ae6ea23cefd41535a1c90993c45235e5ca20520d47a6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f7e8fbc652265f7a4c6bc6d9aa93284a
SHA1 26d912bd9bb479400a2946f9364913a313267678
SHA256 b54b1b1a3638fac37a5a8e16c05959b579c0ab717b8027f7307e796e69bb7bdb
SHA512 e8b06cb95d7df983226199178f8f20c326670b32014caf78d19d7a57e54b0f559456122909b0819ef1a72ff5a0490bf49976c0b07a2f91d5ff4e2346916a2916

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\630fb715-a4d5-4c97-9da7-0405b8478c95.tmp

MD5 987637905e067fe748c8f25c19bab5ea
SHA1 1f9dbcad9b025d612223586c34e62911f6d27abc
SHA256 83eb8abb17ae92fd0ddf65d4f6892d86f3fe85c83d1dc1740fad9a4a6dc66674
SHA512 ee7288bd4ab0e1e3cfce4bc2a386a8632b501ca0b463f5fb1b7da0510d2f9d57b64ef7fdb2d0f7f317ebbc09bcbc15a75c5622486b394a00d6c8f1078ddf5dee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ef2bc857256e2b6f63c8fef6406b9800
SHA1 706820a34fd1107c1e491de3e2e899a5d8e349fb
SHA256 f297b45731891823bd98f15ed85e0856c5404e9de457408444b594363953c42d
SHA512 47103f5371dfbf1badf263492d77c97cee49f92ecec9bdc044249cf71c14f133d274658155ca2113cccd83cce8df968e347a7525c9feabb9b5be99c718d9298b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d70de781781b57e33c796c21b8fea90e
SHA1 9fb02c6e27ba2060f7f5ec301d46ff748532a3c8
SHA256 307b9fe0d57d8d316401e3e142d82c5c8fd9ec5744bf92329f2152176c719e68
SHA512 916939924ab17a3f8578d0984ac228c043252565916f70a088b5f46751920ce4ca8dc7818e58b0fb089061bde0030651be94f4e1b161798374c179cafd12cded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4216587c7e5ca144c374af175344ec68
SHA1 eba6e0c3978b8122611b9e7dbe3b842a005cea18
SHA256 eb7a42ae607c8bad0bddb0bcd9772c986431226b573192c3911a8ebb693d55da
SHA512 ad66a18ba9c4fd2c83358439134b3f691b5d6fae88091b08895586c86dd2f1ebd418be7c0e69fd3139756c576f3ee879cddf75d72ac8adb983dd4760d3c885a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 234fedda01211c0e8e35f699d15f9996
SHA1 b27a1682417fc1df0c6ca2e48a7b8d264a5bdd15
SHA256 5b2f1b0e0d91a538464f7061366fb3406192a48ea43cd0599c93d9c8f46c2eeb
SHA512 c73305d79339e3bf260e4c5e41bf4163ff13a6210bb9db653388edec645f4a81e2a995f190a4d41d3d519b8e0f79f2d7a9489377a08462cc83aca9fdf850563e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9f0255136f6915caac041e9a0f0cc060
SHA1 48b5354c700d6182cd1eaf692cb3fd1141a75212
SHA256 349f548c078effaeb3701c4c7119cc89484fed46d5c90d7242981dc52b59da96
SHA512 eb10285a87421296bafddcfbefe0ca2c908663dfba56ea102807611708d74d8311e858e7817093d80a3a435eca65b6d154f1d49d0be10d33735be1aaf43fcf56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e34ed5d3e829d404217c89b9ec7a243c
SHA1 c294049cdbd770c22f019a78fb8950b6239a947d
SHA256 62e912c162b8f22187a09f54054de9efbe949abf816607da06a6b7907ccf2a71
SHA512 7c9330f15f474cb715c5e5271881ee6783087a6b13b97dc8105fd636417e3822d7e7441b3f56396668dbba9e78eba156552bc7ccfc75af6d3e65301b9eb6a30b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3ab294f07ff4acf3571707eb52ade7f1
SHA1 d097ddbdb165c09e122989cebbcde586c1c1527a
SHA256 ae26d71a59df6d777cdf78ea78f180e589b9e7fc2c2f199f39d4ad25714bb676
SHA512 f8cd32229c48a5df716b681588bb0c245935738133771f688e13965b0d4a6f47b0d8ed11839fe01b6875f9cd7a8bb96da4b18367412a74e4bf8af6a2ea2fe566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\e8a6250e-80d7-4a61-8297-76df9054dfa3

MD5 575ce7bb4778073a0991bd507d354bd7
SHA1 44abebf0597fbb523cf4ed651e4927804a0fe627
SHA256 6c0c0ba4545c1873db1eacdc44010265efd81e3d255b44ef3d534a163636d4ff
SHA512 b12c57ec47ddd1ed2c193ed448416b4e53c5ef13eafdfc9746087d41e2e65b3ffd1d306017911d9b266ee356f328386318346861823777e9c054e20a258b8c18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\c176dd4c-1858-4a66-9a03-ea9cb636416f

MD5 b869668ca2b18bd7c01eb31facd09216
SHA1 d016554ab700be00d17743f497c19060b4e7c61f
SHA256 a7501ac688d3c3c8365b724114d1c84faa1aa30de6a65bd9637c2c081cba4ed3
SHA512 5bb9a47c11b276e3f9d8a75a1ddf8ce29e4b89292f12a59b2b53bf22b92a140815196ed78046a90a24e45401218a6b40ccfdeb3f3e0a53bf15cb7b9c2492d84d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin

MD5 4aaf4c2bfcb6b41367b25dfbb590a3de
SHA1 ad2818d15b134ba37bdc4be6fcfb334dd77c0d27
SHA256 cd3f69221110458534f34b8c9ef6e7839abf003e4ff8116f91c2a69d0fc2e26e
SHA512 6a9f3212dab923ebae00a70f488133280d12dd267c7f1a683b5efa5f36b2113a0c9313504121247be844ab7fb9d60a5435cac0f967804da2d5a251067aaaae86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 12073af823007ae20c7b3a14b70da94e
SHA1 6f38b90eb5ecd0ce2f3ecdbe9f18d7412e5298ce
SHA256 d00f5c773ce637e3514f0c74ef1d1ff11a371cc5be323fbef17acd3835e3c6e6
SHA512 91df4bf86a99a79e9e60f2db6a1107af73fafa273c9910adca1e804f63ee81970f5683b460e85c56fbab8230cd8d44e55c294b2cdd17f5ec61a31e900c3b9c38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

MD5 0eb76bed4b73aecc4f4abff08bfd9cba
SHA1 f6a55cd3e9f2587c02e1d154d52ccd0c580e6372
SHA256 9baa859be9c0ae44ba668075e25533a5fdf8716123af7e458cbd87e8ddc1732b
SHA512 98c9bcae87fb80e3d4abb8999af947abd010abcc18509943dad49d021191d79c19d46a34fcbe324802eeccc04558e87c61c03122691771b26e77a5bef72cc75d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f1b3562a3bac2ea2867eb542cdf40fdb
SHA1 ff9752608becc60786e896643e658b76f9e0f594
SHA256 a1d7fca0f2595115dbed15024c7a02e4191e8aa114506fd84632c173856d3680
SHA512 ebbb22e9814578311fb4ed9eb34779bc1722ba3af845da53126d9f5e34fe82d58c75092e657fcfb2de4402879a36ed90d26b54d546f390130ca5830ebd615251

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9966e012f7a68603b69ef1ffc374b230
SHA1 ec6d4a38fe78b54931c5ed4ea20cfca731b7f5c3
SHA256 322d77f236c4a2dd6e3512a0439bf5b40506b3d2cf65a2dc8d2ab9715109ffda
SHA512 afe4c9aa8a205aa36351be501905d6558fa12555fa0870ce743589aa707bec69a8f581106248493faa8deea5d3a0af1d1da0738d90d094d0d53e62264f64253d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 985a5ca25e254a63f280b75ffc4c8d4e
SHA1 99727abbddb4878585405e6ad4f17ae153927684
SHA256 61f190bdd5bb0311b2f59000a225d6310c34bcad8cb70f05fbfff18916e662a1
SHA512 cb52a994d061152bca1d58d1b7f55d73d0c2c0bf6193e1b981933d933a7f3ce2f37a0ecf27e0de51a03c6fa5f57fdf4aa504a5ea2eca5713084e4319c2a4fa83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{c1fe53dd-1be7-4060-8b78-12b83c391775}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 327bec7702c6c3d486e498be5195ea6e
SHA1 1cc1727843078bea5718fc59008485b772281791
SHA256 a33c13a038964f0f6f1414310d4a630c76e632b30035ac7bc891e0097388cb87
SHA512 7c96cb4b9c2e902ce62362ffe4314239da87528c2ab90ef48bd11d407bcc1f42426847cd54915f8e969c0a80999f22243c83eb6f1136e203f1af3b25d2128190

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.youtube.com\idb\1579502628yCt7-%iCt7-%rdebs7pao.sqlite

MD5 00c495a8be5d0bfc3bbb37865afe038c
SHA1 f3cfe704af68631f6fa89c2f81c81ba176d3c5f6
SHA256 60a39a9177ddb939ff2d7904f1b994728f5e6a48a34e90503432251a3353fdd2
SHA512 1913c6caed4f49ac3dacecf45bf70e3464a76337820a5509dfd86edb8b207f876c023e1b3e8e1d280d2c56daaa6202a809fababb4f8bf9f5ba1f44fd26df1a2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1b1b142e24215f033793d1311e24f6e6
SHA1 74e23cffbf03f3f0c430e6f4481e740c55a48587
SHA256 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1
SHA512 a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7dd3a3117a822abd3cce48f9a507946a
SHA1 23ff6effb18f9a558eb42693708273002cfd2a9b
SHA256 c85455fa673535002f2c22cb87f1fdad456f4809edd83f847b32c7bef04ae942
SHA512 4d8f08fc4fcd1f252694e6d567643b29868e53cbd860e963678e6a3b6d916ec40e11eac00b6edc13406b9a25e7bb4d31c6755443ce8f0d643b6c928dca659762

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1503a234dc78715733c1b812f0108eb8
SHA1 7f3174682f7ec128df2acb8176b6ac4becaf7bb0
SHA256 0fcf3c4819dbbf6f0c28f935d12a892a27673ddf567783ed0293afecea725928
SHA512 27a38bf79f08d352ff915d80a295915623683e71a34068868f0a44af612d4b5449c2aed5408550584288de7e3d57fb6c86de8af1a5dd520575cf96ff73942cea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 f815bc71d9ab6159fa40077db2607533
SHA1 be5d565ebad524e00087212c626eb89b9c6fc711
SHA256 57b9862150f5e6bf73f86b2e862e439caa84015452130a9a377be9236df72087
SHA512 042a9d0e08d2f6feae07bcdd13757b0e01162544d1cec342b4b119e944f2eaef3c4e39688cc24053a6a0afacb0b6dfd357e4f975e8a02ba160986a046d19abd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 79d8589a176f2b49589b66055af75b17
SHA1 de3270b285d73b6e2192c38c3ff9c81a7652a6a8
SHA256 49565ba118551b04a7c55fe6abf0679e8831ec5de6424c9a14d60f63e46806b3
SHA512 92122af2d21daa520336f3b9ad1cc36cc2dc79346a0992b355274c56ab73d91ca41d529aed5c50848dac93fe031e2b4fac085599cdbb33598de9f9e12e47dcc9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\22095EBD3ED97A861B46891BA3FEE2108C376A2B

MD5 f77ace42d5979fffdaf563992f113695
SHA1 64f325796a7134fd6be889f1128f3ced83781b25
SHA256 e608644f5399f7f9d8c5410e04a897fd7d6cfa97148df785c950b6cbc034ceb8
SHA512 8333e5677fa1b4dc43adc911591784d51e55956e5ebcb42c501de2ec7ab7b8e3e16b88b34785131c9fca88efb3b0326d008776bdaba773053292650292835614

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 7b47ac295e1edd1ee727c8c9241bc0eb
SHA1 2b75acf6b4e14188289a855fc7678d7823f2e225
SHA256 24de70ce6cced652d3ee57a1803178fb5ca3f73b19322cc2432031c62774006d
SHA512 a0e57c53216e27f2a1cad8f34b259cfa496f74d936b70e3896e649d1188c01377717699b4f75423152dafbede4f6f77a3b6962177819d7f7148f4b4833e1e2e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 e5b06df620ab1b4de3756b4e115c7572
SHA1 0434fdfe944dec5031d1e61350e53f81ae85c6a2
SHA256 149d5f39230ee21e74db3a449705cd798eaaf032a5ead56086ff51759ffd8bfc
SHA512 11b664d4e2ebb916300f030ae0a8981f83869512185645b827bee74d86f3c882766b0fdaeb33a02158b85a5dbce7264198deb77211165bc4741d73f4dbb65fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 8153ff6fc058c663c496b7964b3b6c35
SHA1 7e3a9d742dcf1ec22900424c9fd151379e1c63ff
SHA256 ed82a076df34d0cb48d64d2dbc6d0a325bafd17bc1b5a99f2d6138b634525015
SHA512 a108f6a2864f40aebdab659ba4217fd24b5fc88dbb3a784952353411b162599ae67ba639b9cd5833e25d5dc5e37674ae3ff6ef58bc55ce1c6371a48b2bc6bd27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 81dcf610da3f1beca4db5a3ef0638be7
SHA1 7da9c485a8e98825c391912a14d92793470fd277
SHA256 603d830c79f606ce218924a7440a1223490eb52567a78bfb8bb677e79abc6d42
SHA512 c57787b8459dc9401ae17e43efbc40c698b100b1a62b8fd3bf9bf30c2017c1fe9313fe18da553f441dd391efa9f201ddbe417bb19bc33e0b7b0d5ffc2b3b7633

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 ddf820f3977b4a66ca54348976172cbc
SHA1 6d4d1f20f70e5a5488b7002b0e9053a7e518be73
SHA256 1d8656c5248336db462c188369901f4b0353792cff1430a81ba86a91ad03dfa6
SHA512 720bd6fa11fdf8df86bef5046c3e4fd94bc1a6a5650bcdce080df6a78f9d39396a94e73501b138f9d28b889ad29bcd518b7ebe7669ecc6cee312e50b6e2926b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 36fa14edf830d92f07b460da14a3bd23
SHA1 46c1885109b7b88956a53c9c87bad57bfe09fd4d
SHA256 d0ef14fdc761de893385491f38ebda04dfd20f1a175ef448a4d218f1ed8654a2
SHA512 564265f482ed627a855d8af237cb1bcbe4358c7164f7e9059893b97b34bd3aca87bed163b8c363a0dbe30baed14273f4ce6a8b47f9da75ef050393732c3e7aa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 9a8dc3a99aa7f48e46e9f7bff986eac1
SHA1 94f6e52c34c87591831502e64eedcd5d834f2d96
SHA256 9939f4d944e942393244beb7877b269f0e11d7ba4e0ddbe96b50c2b1c0fc2c95
SHA512 25a878403d4ddd58f10a4ae5421ad013a5ba808e6acc19ac696dd9d0a9f2a1ac7c5da3a20512c7cabed2c02f82731bfa92812ee1442dc268fcf41ae3a078b6d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 d1a0d8504b6a46215e2a4cf521ddb7b5
SHA1 3d6e16808a1e17ccdaca99f37ed30468391c62e0
SHA256 cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1
SHA512 2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 67e7ded3be89e67bd535fa5860fb0849
SHA1 d0aba27e25eb48e28cf433647918c45137e3d2a7
SHA256 20a09194a17742d032d8d3d68e369c4f23378a54dd16638b8b303404f97d73c1
SHA512 df44a36055653f50a6909dc982ccd3a5a5935330a65e07a19f8cc69049f5611be23ea31537ac4148d96ba1522efc8e252bd1f5d89a2e67a89f4ffd491874b625

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 fcf078d1fb0b8f66de4f2a746b05dd8d
SHA1 75e7da10eed962264530c5616d385e8c65391af2
SHA256 73400b376af6d812971bbf9e83db696ed53488913319c3ec1dfd958469d88ffb
SHA512 38c8d995dc50092d70adec2a2f2d1a4cea7fdfca95b35abafa16e4db083495b6f6609dbebe93bff98f2c0da2df09ef0922bf105598071b4e827eb21f927dea44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 3833069bb12dd040a6bd827833791aec
SHA1 3a4838518298b84c7e89137fcc241298049ac2b6
SHA256 541490cdfa7c4d1d9576630bfe8f4e20a7d7aec8d13b248216a6dc43d4f9d9c9
SHA512 398d06f81f04a3c868514f5785e2a8bfab4fff169b0a70c5ba0e7863177dbd0216c40f55d4a9c2f56449c03cb613ef7334e9a49e612b155d8da6af495e3b33ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 526d32cfe75b2908df856981c50fbf57
SHA1 cfa9918504f160e9cb6e93fbd5e392fafe7a673a
SHA256 6f243d196de5994e8067a972e31cdce802373da68738e1e5945f7c53139b1279
SHA512 bcedcdef5edd49dc307a929a58f1554766f35da9749453cad6900bf48b08d5a0b7c3398a63a5488df2279441bf8ef661ea24298761057f2cdc9d59d33da9b74c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 ce552566669386eef8c052f481959b23
SHA1 a0d8a080b769103a5e5a728feb0eee735d102d74
SHA256 29600bd213e99deefb253dab475c85c7b992acd87a15206a1a9dc5e83ab941b9
SHA512 9ffcf8110c48c78bf9cce270596f7e723ffa63ba9ed7e0bc19fbb9ab2d9b466fad96862aa5155576f67d72f5e461e9b4881f72465d8e076c641a4f4ff2126d4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 d6482d4809c11d168eeaf3118e6484c3
SHA1 c78c8a25dbdbc02d247297a3bd7b89826876ac00
SHA256 9575237a1822d7d5c9385683ccbeed0016e5ecbab97a57dbf9ae92b6e787335c
SHA512 0b16c53b049b4f4a0d01794a4af00a3a8117600d6876353bf98f6d4931894bdd1452abbda5a1fc1f1ac4dc14a7678ec5be45c22ee462016d622cd11c6486bf6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 b0864dd91a833ce97953eb65de9ed468
SHA1 1c01cb94f6a0360f02f21ba35edbe938c26bd401
SHA256 2e42a1c06f04c197c124f6e1f2efb9baf8c342f7cc6858f037a90618ac6d27d0
SHA512 a683d287452118224231367af6e9eddef1964f61970e887964353f3aab2565cf462c23569049e2032471555581d92ba388bbe8c6139c49bae1d5156df8e6846d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 4bcc82dfc5efb0171a36ea4fd2f2eb64
SHA1 313717ea18fffbe1c93d229384dbf9323339a68a
SHA256 8600d04e5fa5d95e2f6d6d56e1df2b34b6ca25d37edd6d7a7cc4955a7adc3869
SHA512 15d04f171f36e1c45d95808ab94e901c9413251639c042891fa9d116788e9e052fbd0a16d96055325a1cb8577370da7e89ac4ae6449f54b9111af4aca4d88718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 d04a12f2fb875e4b1eeba6bc7c3350be
SHA1 4e6616d8e2b9aff3e6ecad094e88b86055ae7716
SHA256 4a28ca910185cf42caacc39da9c5ea469535b3f287792eb091df4f65456dadf0
SHA512 25fbae5ffd4e21e5df8e23bf7568699e20de76955dc557e356d2b9fc94e7d3bb1fac56877ade335c76839d00205a09454fd782ad9ba83d7fbaa9107b07737158

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b7d1c628adf4c51751238c82e675605e
SHA1 daee8b0b075d469c916b9562e1e4887e40de45fd
SHA256 850cb19310416442b84b9c981aa70940624d6fa56368847f518ceeb5248d2829
SHA512 80bea754ff3123a8f2a534bc87ddccb86fe104b4004e27d120fb5bc9962378725395f78ca605a0d929f33afe685c813937eb17936c5a167e9571762c6a59027a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 29e55c8340a33b081c085df3603308bb
SHA1 2de809501d0ee9a1cd5fe41ce2cf9364246c91d6
SHA256 a3bf0a7ff200334d2e1180536e06c9581d23fcaffd496a4a73147b5866241407
SHA512 7b175b27c3d709f81fb06db37dd2176e13095545f44605ca0cb60850fa129b3ef2534eafb19057dd5783225ba092cf299d9e3ff67d713cb3fce5d730c38d94b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 dcf7cb2940a7396d82a308fe16f4fee4
SHA1 5f28316489064b09702cd3f5aa3541026dcb2abd
SHA256 d61ddd01940e41067776ba118fe12f4a46649d6050e46ef6ae0e72fe7c0ac13f
SHA512 d64782a7fb5799ace04fc9a90900047514713bb1830ced8418f744f1ee8bcb62644428f40d0449d81f18736f27ba473f132efaf6848373ad17b7209826e4817c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0b6feb77-5cbb-4721-a5f9-e3ff837a8ad9\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ad1537b79bbff413a82c1d16440b9bc3
SHA1 74e22033e96f74fc03131c6f81cee67cc195e744
SHA256 74222232deec5b01ac4c725a1ea9e4560394b553716fca04354a4d90789084d1
SHA512 eb2383e400034980aaa4a47293d6e59e681ec3bf09d3b709b631447a5c5bbb2e3ff3d07339ad494b00cf188549b6b3a887d8064961d856d6c6dd847cfa45be3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ad57.TMP

MD5 304ebbde9116096084f998ec12ef7593
SHA1 2853c20943eee2791d993440fe610a72c643087d
SHA256 e6afe6c33df742851617f96fb7e2f92c955e65976ad2685ff2a7dc12087c5ce4
SHA512 8863273c15c44415e6dcd11a08ec4b48acdbff1f79a8f11b59b6cfef1cc2e0d280e03e8401f124a3d0fddb15d1a3c0ea570b6a18a645b9e98246f9daab7c4c6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bd3cd9df70a7f8dbea6e1ce1eb4c0470
SHA1 d9739032f283221174b7f7e1e30e5448dfac7913
SHA256 6b7ae1e6c4bc953baac65a60e7b63fc5568c803564f417dc0aeaa206134b5df2
SHA512 9869a6e7295aab72487deb2bdf4b4b3e84272b385eafe2b29c7f6446cea4d27bd078e112a52f43d75b0c30a5acca882d2bcaf5fcd9f197718dd74461e247b5c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 a314609201890761e5a0399b23a9da86
SHA1 bbdb7497d1143a0a581d71eb24059fa1455b6493
SHA256 455aef46b0ad6895e345278d26ff5944e7f0e1125a090350a87380d70e26d43b
SHA512 840c781c5539c643242a424ace12dbd52f47c5c88bd25f8b1aec0c78b98c48eebfe5ae5b190f25fbcf479c1ba4970c797d384764125cda59749f6309893a3342

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b163f7210e7e3b3832306b87ccebbe2
SHA1 ebd67f42958752e0808148815a841df57b3a01ee
SHA256 34e4e708b5ddf3ee2ac8623b5ef599c714281e15b3fa773e5e6644d499d4fe88
SHA512 f6feb7efc9228d2cc9620070a94e1f70c7fb20574294bf9def8929d05537a474225d8a959749b8860ddf4abad715d086cca506566fc47e39fde3e958438d06fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 597daa2e98a8de653a2f506de1be20bf
SHA1 1fdcea16d2c08e89c7b634021786b826a9f14664
SHA256 9f45e86b7c72c175c4eca503f0ee102a26771149394bbf6a8420b1cb9961d636
SHA512 1be2e6b04c19d0980cf05089f73bc952c974766510c371929a13ffaeaedb3274b70f788eb1249eb3585728ca5398870ba3aeca4cd55bb2a6144b87b37a9b37dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b110.TMP

MD5 b5474b62152d0d64849212afda42cfbd
SHA1 e4f29f8bf3b4b54deaef18c103d38ea1248b29b1
SHA256 6647dd720e7a5f47db12e5530b6660914c999cce557d2f34f0d9458ee2794a5a
SHA512 8c29306d5535494b9f17cc80f8cd2da886eea0b19098f3c9b3fcc7658d84b99b257c9b5d6603056c898cb789a281900a71b154a302a163008358f8c6d63224fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\2CE0A10F1BCACF777EDBAB6523A99BB23A3F1330

MD5 7316f69f53e46e49962ceacd1657c468
SHA1 c7d500a367dd507cae7c4d568354a5d01b0c3753
SHA256 d6247ee8269bbedb63b2f3dce8d5f4a77f901037254612669b5786cbd449e10a
SHA512 ca44c250cd2c1a85bc6cb587635aef3daba4fdbf0616ecd5b3c8265a41fc5b2b6631e35266f1867440a3a4770ec6eabc9174f341becc2fc2dd77849bc334b364

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 40565ae77bdd56c5065c3040f299cbd3
SHA1 326505677956a0caa2d8c422b300e510a0c44099
SHA256 a366a1cec37da47e00204083349df8c8ab365b666391bad9298ffeb692539ad7
SHA512 630930aff08acd9b76e3267597fbcd35cc74f4faf0180d8b164896b8ea0fa487f92cd054f0ba3382dfcfafd8a29d7b202ba4c291c6be3f2900cc4f64963d62c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 81ac05c6d01d84d913a56c11909cdc7d
SHA1 55f6bd5429c5a35ed53caae2cd50d856edcb7883
SHA256 b222b23c6ee94816389506d4de8ead66181c8053242e1e1eb784ccac46bc7ee5
SHA512 0925243828f33130cb3b68a6a113f1aabd07a8b19b3b99f45e5a2b1b2473622fa997d833c1d4b7b71781f246154d3a145aea37cda5351dc851eb3f4e550677ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 72420a69b3ad010799f8f1a3219736a8
SHA1 34a3bcc73727e99ec090d021372b383d9f54b4c3
SHA256 ad0cd7eed14ea8102c4dcf9a8ad541383ea97982a31fcf76bfe7345f466d8fc6
SHA512 0bb3b8f65b53ffc0c5d763d53d6496212560b38467677f83aaad9f0d8ce29d410493538b81cd85a586c6cc73ad0ec57d94c527f953cb52d41c56e293655f0a92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b5c3.TMP

MD5 609175d7bea38a2df2060673e0d0a065
SHA1 4af493d8e9c4bed6cd3076e89a2aa89d3b15e48c
SHA256 3af8b1c420bd93f007b52e4469b68ce626a43ca5d37c03a4db3cd93134bee348
SHA512 30268c1baa4a17be9317846cdf071dec25ad157ecd35fec30b34e1510f313eb7136c4a0206f7c64ef02160cd16d1b278f8d8491e96549216d1d5e8d8ed80c9b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b6815a66308b2c23bd86b3db3f390ea
SHA1 5e53a0d4773d83a9c652c276b85acafc16fab59e
SHA256 ffc381647161e3242027398e0b4cddfcf850380073bf86b25d5c05086d6d8f4f
SHA512 714102d17be654ce0ea87e14d1fa59dc4d5a7f78bd21ab81dc2d0d5174092e7db7ef3d1f296e527537a2fc4ee88371c01f6a3e838cb1baa61d51826cc1b8ed48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 3b40598a735a304a93194868c712d563
SHA1 6ccfd7117bf97966c78900872119f749873e5347
SHA256 e8b23f654dc1dc41d425a7ba52885933403e1ee55867aa52f18b641e93a8cdd6
SHA512 4e159ca9cfb5ebe7af0e847923f82d4219a467121cb51be9a0f0f6a2345067e234df5ef51206e71c80e5727333a5917e0aa1ca2fbd7ba72f280b69fdb9acb3df

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 4e08eee044c91ace0ad7a46cd9542a0a
SHA1 b542dc6b9818c8c1e07563d3656389c67b3ed5f7
SHA256 e5602fcd6ae093bef4648c93d192f79d4d6849d783096aecfdd2f53e3ad85982
SHA512 72851bad9b83bfff6a47141bd5ad47bf1a2fffc7c8c62e611606b06208f5daa3c52ff49f60945ae58884e22476069b99c7a7f44f1ea8d624cf2ad4f4227d3b59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 37ca4a197fb6dfabcc9325d98bacc40c
SHA1 5324d46deb07fde17e289bfeddaa6172a9facd07
SHA256 9100f3b92eed77a3901f95203e7646b3da4b2f239b37b119f5b09d5b428ebc8f
SHA512 bf01d63da5a80458db9e3e151cdd3af5d99e8d5e3ae46e12a582f30c4168c82d9f8dcdf00742a5ba37e8594c825f1b0f6c68b5306a8d77d6d451eadde99d403a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

MD5 aac9daa9fbd0a896f415cb631da7f954
SHA1 94e7321a4d9cb4f42d662f5685a36920807c8c38
SHA256 c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715
SHA512 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

MD5 27a05b77e7bba6c2b279f1a67cd6acef
SHA1 3164de3d460475f745bba673aecd9f7d799d7509
SHA256 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83
SHA512 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c097286073177174fadc52b1eaa5cba1
SHA1 796da6b8e73c4923f9350e90134c8dd9eb59b082
SHA256 2c32ef00bf783ff99387cc83feb0aef4958ece83e316fae76a514619ba51accc
SHA512 d6fdbda3fbcf95452985945fc0eda39f32956758dfb1ba6edf46a8b5c094ee644c82e65a5bb6e60d6bd11199da90296e32a369b60a186c57bbe725b57b6c7386

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 261d58a74cf7ac24ce7643f213f85880
SHA1 c26fe296a7169c0572526cb018ed3da27bf2b2db
SHA256 c94d22795c49c0bfc761d57e09db0f887e4e4c69c1036b4cab06b18e685ac476
SHA512 47be4c1275c0eb2d81cb10465fd4aa4a497d7cf10c3858316a5587573726c7b07365f6600eb1793a1c7e91dd24f9998d261cf8f3f8f4c391c0d43ebdbf2e271f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

MD5 9f0a32a9c9a5e2aa225b1e004299f881
SHA1 337a81eef269d6885bd4e4806ae751a911970e49
SHA256 22a8782003e60d456152a837be29662a9e0b627f18ca5be0bbd71f48afa728b3
SHA512 f702867dd2810e6cf21484b5db3a896be3626b9f4182ece125fcbddf595b8b9898998f417c78581cec6689059436d56a28d2156b76cd4bd835edd80d79eb730d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 5e5dc6fdaf0aff1b7b1b9c078749f31c
SHA1 a645b0d21dca62ec33a16460c93c75f1cb69b5b1
SHA256 470f6d0ce8e5053734d00e080bed31a22e38fe9a3903f265109a49300c45166b
SHA512 e137fd6afb64d6e7ae05de90fb0f55220e7df33d72fec085bac7933fbc9e6984d7a9f0aded3fd9303b59d720dded7fce60e55ee13825cd39687feb5454dc9a90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe57cc87.TMP

MD5 20b332a6c87a942ce59dac9076c4671d
SHA1 f6512a18de31a2edd6186e130bb9bfa034170ab1
SHA256 9a2c97031d33336493af89e45ab2d3217381b2a0e774f1e1eeb8945e92c544c8
SHA512 7a1cd0f66e273c8206135c7527faecc9f158ffeb12b8ee292c99cd6cf913c7a73c385378ed8026a6576ccf7b4073c619b1d86aaf2037a7d464b54bee8a525632

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\051c60d4-c8c2-426a-9d76-48bfa6fda756\index-dir\the-real-index~RFe57d561.TMP

MD5 eb35d6a53a259d0cb32dd322e23fe32d
SHA1 049f10860fed3da7592632c9e5d89cd1ceb945da
SHA256 2b2e634f735d754a2b0c97675a8307f400e7e335393e4fa4d0411a231c289ab9
SHA512 5476b17fbd35634b622946283462ea73351bf1a01f7181242c7f1285ec519b936220cd70332070bda57955f73feb789ebe04ca38ad4dc08aaa7051bfbb630dc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\051c60d4-c8c2-426a-9d76-48bfa6fda756\index-dir\the-real-index

MD5 c3f19acced41ff6a718414f9066f7ae0
SHA1 774c2cfb6391735df3d8af433419c6d915d5546b
SHA256 7af13eaf2ece7b05f451761ada50deeabb56366c04804127792c6f62a9ea3c0b
SHA512 39987e5b89ac8425055ac09dc79a5f7a2086ce820fe07a793838ef68df5d453e0189c0bc4d7773a027786ae3a2a6c6299ea8bbdd81e6ac4159be4c46726cba66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e6f1cb37d43588d7d4fb5f4418dd1d95
SHA1 748cbb988996ed53dc8d57a8d178100996d6af95
SHA256 08d17f3036e219b58e6d6ff9093013f38f66d7849ac175c3af53ea84bc685d81
SHA512 ecbb4c832376642dd962d70a6de73d8ba8312a9b6f80d8eeeb6c8849a1774f54a35a42fc6780a1b0525ba433ac0289c122837d64585bf82061c3e313ec48e6d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 4fed8a2cf5d018766af9a0053b5aab1f
SHA1 4ef8e45d843e9a4c666f7ba5dfe9e616278aca43
SHA256 70c912959e2fd3bf537f2a285f9cd9d20c756dcf2bfe34c932833b7d6367ac79
SHA512 9485df5b083df13c954f68d8b85f23f4d83a0f7520884ddcb56f25966b5e78887405b3d0adc84bc648af2d8e10d25d639ca88ffc03479d9cf6c2c506cc72fd37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 9aef81a979c7698700c221e4cb7fb0c2
SHA1 e89e780d8d64831cabf6cdc39147f1d24b8ad1c9
SHA256 ede077ec944dca46d943ce8a82e0a712847f088bf7336afe93c5e9dc48c604fe
SHA512 a97de5b741f36f340532ef0f67eeca659abf691018bd9a4ee521874bd4f8e03f32da849b1e2872c90116b3710f6998e7eba292dfa6bd509a098fce695be12e89

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c85a9abf10fe36d017db9b2831ea9352
SHA1 907f724632db29eac16a3de93a5dd290fd15dd47
SHA256 e95344a5440ff4a68381228530ab648d8adbca94a3f2d4416bfde325fc988999
SHA512 df1c75d5e30099bc5657f776aba39fb9945e0ac2cd8c40352081f1a6a1bf41a1f16507e054ed993b76b76c2bcc6962d47a13c128a3d0f254226517c88eccb7b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 72d87721b4456d3fe7d1b3a4fa5056cb
SHA1 de1eb7c1f0e2856fd833028608f1f3902df6080b
SHA256 429114a4aae159cd1e0b60531f46699162db2d213e62b128ad81e47a2a61eff5
SHA512 2388807fa64ea15ac48732bc332d057ba2eb71ad58fa2161f24520ff54002749652ea8aa9cd2dc7ee650ecee8bef002f5e6b22c49196fc69c387f30ba5ed3296

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a47d5eb813ce325775a79cd3e2b33cf1
SHA1 51cbd8ae34780534985cbfa321d5be43732afd25
SHA256 d0f3e48bfe928a4a2f1d8cdadfbc69717cfa98f3ac83a659199c0d0401810316
SHA512 2c25b098cd720908f01e0cddf221388d32783d0d24c4b9c72bfe44882d9cec38d12983b431dd1e19a8feb5d0df5cea4e828e5c479668f5d53bbd337bd2be082f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 06c778cd3f53165ffd4a5ae541ef8dee
SHA1 5b13a4c5709f7fdaa55dc3046eeaf4def53cafd1
SHA256 d07d93673c678623bb63c99090987d2a1201a16d4ac94122b1942a4d3bec74cc
SHA512 13b4b96b3a049f488b3ab4e465f8ff8685d7732d51d6a84c510881a8ec415419cb968d9018f7a4b0e23e80ae3d6c3c88aefa09e05c5bac933871e27a17543f0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580049.TMP

MD5 1ef0ce6641d551e04918299b2f26bcba
SHA1 65efa952600c95b50d313c1ebadbf0530eafc503
SHA256 16132253ebdaec1eb7956b3ec2f1ab43682e49b381319951280b8c7580612875
SHA512 0e6a7b1caed74293bc8092da29c9a8f882706dfb4615f30364a24a2bc7f6450ac9942f03bd6d657440cdcd371a220147d4d2874751b389a5aa2356d13acd3cb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae11541c89260d04046c20f9f85692bd
SHA1 6765bf1bb0b5bea39b9d5899a28e8f28af29db6a
SHA256 2176984b58ab901b2b1994ecdb93473858e13d40025f201db7f4fa3d540f6422
SHA512 dd47a651be943d799d01321a0c559b12e6b9372e5c55103b3f4ac0beb5b5cd579c41653f0d164c2db0cd1bff543e4c066956cb625dd969797e0429bb04ac2a5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 00d8ac8e1cd5b9b8bc9738106e279090
SHA1 807d2364447a8afd9ba7dadc3f930c0d5a074b4c
SHA256 a62ac69ac3a929dc7c7003fd428758b439cb666a667fbb29c7bdc0fd688b9b47
SHA512 7d36362ca2c6a8f59cbf8579ac0d5c7ef280c927e8ab2c84415e66a6875d7037de3cdfdebce99d94370f5f5a893104b0cfe3f44c6ad8f0d6970095400d0bd1fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f2688c5936993ee2b6a0235b12d57c78
SHA1 a6df655d56a8637c4301735a6abe8149cdfbc393
SHA256 1985633635a83b00126738a661b01cde276169c85667cc7756a1c6eca5f12be4
SHA512 9ba64056eacbd0872f9daeab1b632472dadb1cf154247f91a55df688695459a2a94e63552d07e29c63546706ed1b31560cc17e721583ee759fa2a095d9afa8c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 a76713407144f9fa3435a9a6e7cdb368
SHA1 3546ccf11975b86a24333b670c675c7f845ef5d3
SHA256 6fed095269cc1bb8378d5221ac0169fc3f1410d8bafdb8c49266afd4214f8c05
SHA512 5c1e095611457ed062464bd9d08d0f2e754f79c5896fabe9e928473c4c4e5c4b0084ede1e4f352b2068208bcf5c79e529c8d1103398e046f9046996b14c664d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 cf631aa5e3da9427925f16af7600d107
SHA1 5fccc5e0e3e0d116bebe5f08b8f8175bfa5b9e20
SHA256 94d097646902a367cbbf70998ac7ed4fa45178a48f2b1dd01176059a2a164cda
SHA512 ec397ac4e5f60b8e4896fbd86612b8a189f009155980997fbba1ad89c2d6addb58e09a2df077a71f5f21d81bb96a8ed3c5b1f19429c7fea3ba96f3a2b83c83d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 38b9865c662b33555c51125ca9d1eb31
SHA1 7346b425f114eef63aed3c32b2b124aee81808c5
SHA256 7f8f65ef9d80a90806d02261f7ae85f9e60d6f6bbe9b5171dfb970a2a466bf3d
SHA512 c1965802fa427cde025f5e736043779ae7ea4a9eee0942dd477ae38dea7f5f944248bad06e7539ddbd7667ca62c9542b7310ad92f212f587f8a28f0e4c88e693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 3cb4d42b6de5697fc27efb5ebb9321b5
SHA1 37c5625b474fee1ae2c8a4a3d59e279f211f5e9e
SHA256 1fe9e7815bbe9ce72681022387126c8aac8fc378ee69178e389f67aa84f41150
SHA512 0958de9cd0418a45301c5fb4fe244f50fcb4bade02596e1b959d5790ac3b7a9382c0c38cba93b15afb1c012d5d593390b04dea4bef9b0ceb7656e771c0a1ef87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 deebf220501291ce8b4abc3055d71b23
SHA1 c46426fda3c9ebff010b0fe38c4968fa47ccf07f
SHA256 d20af9fa03737b14da5c667ccf41b9123d98fabc73d53838c1fbd9c64f90d383
SHA512 ca2450a6e73d7546972c3e5e396c8ed5173dfd7e3e62ba5a1c37af6033a7c8dd5f4332ddc32adabfd166309b406e39004b58097548f7f12dedff63d96be862e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 22b0da95d5064af3595e55d1557d4374
SHA1 3050032c11438c07d72eafb424af499b78201825
SHA256 3f4b061bf11f51c6c321e236eb77399594a6f9fd98780dd9b3866b33d2744b3a
SHA512 9f55fd2e079abc03c2753466a6aa67219e6146d58f1637e6f1cb7980ddf53764b3ac624282a18623121e2530928d27800db431652ffb0be6e776b8135e21086a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 3d9508b1fea46f650af2b5d00335bd71
SHA1 70777bfd66a12e83a25047749a0a4419f65d4a67
SHA256 ae5b0ae69ebdab6b5dcf348bca6ad2c5bb54b0f4c3573d20e9037084417074d8
SHA512 17f8004ad05ed136232894837ca89715b96a7ef96078325acf987a872e162a9c61228a52c1b6acb1b38aefcfeb62aaaa4b3196d32c2db186e83254411c49a3fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 d99396138fab13264f1f7321346e08d3
SHA1 cc5f5e9a066ecb15a9555aa3e06f02d0c1d6e824
SHA256 2db99f3d182f83fb46b085eadf2095c18c16806d011fcce0ed42f9edcb5f9ea9
SHA512 3145796f0ac76e3c9745ff684e21d68cc8ff97da29627f737c34fcba7df06f84a1f8979584afd2fd7a01dfd202ba9973e3dd4ce7a21d239503f4487db08e459b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f87f7d0f3d655547365e5bf660798ced
SHA1 c67377a0f0365943f64f2170c3393442cdd411ed
SHA256 934756baf6cd59a290d733aaf4e3f899fa4c21ff35781486a425f950e884eaf3
SHA512 b5fc3b5a972d6ee17ea3125d09b1191dc0c430a012cd151d42e1d6ea496009b37ba927d29f07887b6832e681e6f08124447ff583c14a61ab33252578483ea5c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3e29f568641558576ff5085ffb052f5c
SHA1 87fc2b079895510e778547ef39fba363f56132a4
SHA256 089885b9712026119bf438906ebe83b65abd8011b488cac8bd1d940b2e13d014
SHA512 c159c44509c2c187d1a70689ab496cc56fed8ad4572d439ebf4b3c4154dbbb5ba5d4f7d5195fec2ed7797112238fb8c509ad9961f47990a18ef9d2289ff0eab0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 504a4f4cf02a54c96088cb8d3b5a1e25
SHA1 6e68dcb5310f8909023294cf32f5c209ca006720
SHA256 10372b240b8764dae976a406572c52f68906da9f054c9a47a3bce722f6b932f0
SHA512 e0a59b33c2abe23190e306122af6382e763151245984d1c95cd0cea10fe440c151bfbce9ecc3a4fbf7128baba5700d2c77f4c44e70dfd8838126382f6b9e4e5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eda766742194ccbc8f8f9797f947ea17
SHA1 534c7d1e5e4d00fa8a74f530e56f93fda5ab184b
SHA256 6cdb8cc4e7aa3e69b267ad7f17875c5f79e651cfd4deade0c2b05f2f24c9abce
SHA512 b4d8218738c14c0f55fcd30c9e555b8f4ee868a75d441ea8c2b0eb70bdc173267df22345403aa8a357fb09703d4382b2acb33f2278c5e19377154f9f78533725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 56c7d68861065d05619eadd3e59d3262
SHA1 3dfd8e82661e30d9d200aa70ddd282eecfa0e839
SHA256 1beec0e6f99a81c74e17f506fa819efbc20a6c871903033817868988278a8dc8
SHA512 91e4d000fbb77ef417e6e073fabaacad0a415a6baa6a1e7716b0bcf29790ab1bb3bf925d0c6a4e20013e59fa19c998edfa9fe205902a8ce407d969c043146a09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 fcfdd000be60080c1dd7de0682580070
SHA1 f9068004efa49c7f74ced0f703ceb36928da82c9
SHA256 a1b545a8c2ad1f2c0bddd7387e47b2200c3e54dc4a8238497cb06c87946491f9
SHA512 38b2e218c3c4e30598c35d3dad327c8ddc9204e094c301057a9f04d45d647b6c0b39275b6a1e83b6af1d90df2c45e8afaef7f7c513fd75cb92ea6e6787c23f58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 166d8067253a5c05d6c21d612062e5ec
SHA1 e0e8fec5208ea5030121285de2708418e7ebcad8
SHA256 264f6c9a7386a55a1388d405c483daa0b9b26a550401e8df26cebcb0fddf952a
SHA512 a47f97939be7c96bdf11cc81ba5bc325c175cf18ea5add1c7e7ffe7f29c807cc05b8022516567e746d4041bb4e077256d7e8c55c6f843dcd6f96395805699147

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 06dd6cbc3a971fb7898aa7825f1c612c
SHA1 360ab0610accf54e6b6c2510438855c0098dcbf0
SHA256 408740a5e7fd9b8c8531a48ad970c86276e7c9d0d97adec682fa3dd19ea90b82
SHA512 05c6fbd5a6781e8154512deb2726271ac946822d1ce38e1af0fbe8d029e43be6095c04a58ad40558d67518abe85b0e771d60e98fa7f58639797bd19e681be690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 c44792d8427c523ee0c2b97a1662f5e4
SHA1 a4c11fed243c1bc06fa7d17123b6e66b4d602b5e
SHA256 a4be26c0aa3cec7e12aafc800459cc98990e19651cacbe5170aea8ab37fdd864
SHA512 f967464e31627000d8827563170a21d48f327059f95208756acbd4a3a227249d1eb6119d543a6dd47774b9853f71139d911b533583af2da135d3a49335759332

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 c7589c6228cfee1351b2fa58fb04d0f5
SHA1 70a3e1824608e49cfcf0ef3be81c0459e88fbff2
SHA256 5f3ef1d118f6ad2fd0f790bf136e1e25e327f47efd4de10be33ce27952a79915
SHA512 f64ee55a1fc7fbda6231968a916cdea9c37d428a4f9b28214bdf1b1a1dc2d403d851aea183cf296b81bd4f8ddced1ed3795f9486712add2413ff73943e603a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cea1c0a593e1a2d4512c34e8f106f284
SHA1 047f59f316ef053797599c50612073dda9b9a779
SHA256 e126d5fa98d2cb01441a1dbc86b98fd77826251a508bb2846429eba23c994eea
SHA512 414afc26aa439687bff3bf120c8432f13a8856445ce70cd3b76ea466ce2944521bfa62baf01408d964441a8c4ed65a067a8b29c5b23e01fb8ab90620661a264d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 27def60874955277528bf6b70e7895d4
SHA1 8892f023125f729c1c6c50023f2676849276b249
SHA256 682769951afaac815247db528c2241cdaa36c61cdda8c31d125fbf3f74a318af
SHA512 ffc907ea6ef6a0cfbd9398f8b0180d7e38675ce297af9175a67a5aa7e9a71e54889a9533a252c4e02f4a58753a0fb436bb8b6ccaa7b6819dc34ff79e502a965e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 205941ec205c56620adf2db367780968
SHA1 990b459db4a538c5df59aff96b77c6cd5ebcb49c
SHA256 13de81fcfc7ce910d3edfadba37d490c468560ba1028963e34275df4b8990645
SHA512 b434fd5efb3ec99c8dc9065e011a2f58c75b53c33bd52064e6d650c847ee7479319609fab6adf23424be5025f50cd6a8a526a15ac78875267c227d7cdfdd0778

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 00b843fbb31ee017cacf7b58efe3225c
SHA1 1341ace818c6d5f7731b96ff711fa27b83d8a53a
SHA256 45d94ad23b1c8948c527f304e99030d44656639011db10cb1880a1829f93b369
SHA512 500ef870bb2ca9155215138e8d7ba5db52092676700d6519123aad5cd829e5eb9f5543f0cf0398b080af3b5a3c5b8780ea0184494766cccfed996816f8e62af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 30bfeba4ed8b0ded14709a3097f6fb96
SHA1 53294632ede776cb30cca74267a37fa5f4831115
SHA256 317a63e827d00d1f4f73996809b008894f26e623e579d8580b53d85fcf9ef612
SHA512 3a23676c9587af76d82ba6559cc66ea6a717be8dec0b8553f7d1048c0fd2eb839141054b8586a208e40d0f9c3fa2646f6495e080e3a884ee5e4f6ecd62eabdcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 ef15905a6699c70125b9a7133afe3375
SHA1 6d2bebca0f98bccea7c55d06048252f8e820afdc
SHA256 8f9465dbf2e3a614d25cc5d0de15269df5ce3b989d66fdfcbe0a8db9fb967bda
SHA512 7e2c8a22d5fd39518bfe758a4540ebfe7e7c86c640c1a3e77dcd76120fc65a82b620b95cbe02678f60763867bb2685f94d6416a02560877f87b3fad023c2c10f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5254dd96a7715b13778e571378ee1467
SHA1 2d24f7eed935fe32777401ef4a91cdea5c3ccd9e
SHA256 c24e86dd5e00957f03bd56152e45bd28b31c1bfe858577ae56473a56b2af26cd
SHA512 56cd7c8dc90614ac842d5081a34766f0ebaad35b25fff6b36707116d6a5fdb503fd0887d33407939cab0c68ee065fa12db842324cc92d23b27449199d22b2367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 d171bd156d995a24934a52746a5a36bf
SHA1 bf6f495770ea2bee58267c5131ac08f32031b00c
SHA256 4fe95e2d8563150f7c8f5aac0caa07ceb4c51334dc3b3e7680983cfabe74b03b
SHA512 57a409eb1d193af499b37d34cc2733718e80facf2a5baa7d56892fabc9f072547671b12f692518f10ec5980523133ab5a12ae1dfbffdfb9a54145fa77e365008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aecdc85899133c243497df1f5fac24bd
SHA1 de19772352fe037a4dadd1088d75ef7100cfc64c
SHA256 409a777eb170a027a558bdf696fa922b137935c287159380a11e725fffd7d180
SHA512 dddf4e05f27e25c22b22bf399bd1879e75df35c08f2c7292ef1e60fa1cc2291fd8c303c62eb24fcccf96152fa5f32959d94279846a30dfb07cf3e45dcd178260

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 6d55507067ffb05b6ce2941f478ab166
SHA1 53af747c93c3031956f7e57b861ba5fd5e0a40a6
SHA256 044296cc6525ffca47f87b1511de07071c0139e355d7ad45b6bc9b186229b815
SHA512 8dc671e934b8d7f757bc3d0fa6819fb80fc5b08ee26ce5cc164e36db2dd4e444cfe3eb616ee552767b0607f37360f42ecaed3fff71af1ea71c9b6d64b15d0047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 1ea1410708bcf80383e8c5f021c9a42e
SHA1 e6619ad25e964b8baa502637b3674ac40759b0a3
SHA256 f637bb7e035e0f9c370c34a47095237528e30b8c8469766b5394095090415860
SHA512 b7dee018be7e6b8d6cb7dec3bc997215514df8a2cd47160fce141f93dfebfe63321f0ce87dde266590111b63b55a2d1b12c387b208b7169b3864183e9220975a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dc891962ee6bdad2a71a205a1356a982
SHA1 2fabac7e426bedfc5ea82fcce2b13673d18fbaa0
SHA256 01dcafbaaabe3e3fe72f9b2b358a859d9c21201e85b88edf6aaa6cf02abe662f
SHA512 e63cb5f8c907de55c143064c7190f5aa3a834ae3a6e07f87260361ec42a9d6d01cfa326ae576793f51c46680d137ffceeb487675e7f65aaebb57a784d4c580e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 9193b9c05008cebb5cb3885d9fb11b9c
SHA1 b3a3ac719c25334e3a83013c62eec0394fdb5c72
SHA256 c2b49cc68378ae7a1bb4759f574a73c7a189fbe0d14373734db640c58a843502
SHA512 6e042d22660c7c19df875a0527381e1c0f63270370ae8e05802294f8f0af53758d0f74b796a92e0400561b1ca1eabbbb64c2b78be9b758380610c4a37b1eca36