Malware Analysis Report

2024-11-16 15:53

Sample ID 240213-d3f53shf63
Target 9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe
SHA256 9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9

Threat Level: Known bad

The file 9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Checks computer location settings

AutoIT Executable

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Checks processor information in registry

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-13 03:31

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-13 03:31

Reported

2024-02-13 04:13

Platform

win7-20231129-en

Max time kernel

46s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe"

Signatures

Detected google phishing page

phishing google

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB4B2FF1-CA25-11EE-BDEB-D6E40795ECBF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB4B08E1-CA25-11EE-BDEB-D6E40795ECBF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\accounts.google.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\facebook.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2180 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2180 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1812 wrote to memory of 2480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1812 wrote to memory of 2480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1812 wrote to memory of 2480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1812 wrote to memory of 2480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1692 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2880 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2912 wrote to memory of 2700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2912 wrote to memory of 2700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2912 wrote to memory of 2700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2912 wrote to memory of 2700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1804 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1804 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1804 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1804 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1920 wrote to memory of 2144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1920 wrote to memory of 2144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1920 wrote to memory of 2144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2180 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2180 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2180 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2180 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe

"C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6449758,0x7fef6449768,0x7fef6449778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6449758,0x7fef6449768,0x7fef6449778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6449758,0x7fef6449768,0x7fef6449778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.0.1340234074\1131272579" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a634ed21-68b7-46de-8fad-53210cf1b209} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1320 10aefa58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1320 --field-trial-handle=1412,i,13332999837029623566,16596181755704994673,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1320 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1412,i,13332999837029623566,16596181755704994673,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1352 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1276,i,15535099503968180624,12013530256862877490,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.1.976287662\438716236" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8722e90a-afff-4b81-a42d-90ccf190862b} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1520 44cee58 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1276,i,15535099503968180624,12013530256862877490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.2.1549200977\130905945" -childID 1 -isForBrowser -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {404ddbdd-867a-420a-aa26-d986f27f069c} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2248 180aed58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2432 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2516 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.3.1303030823\570254965" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 2776 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23897410-28d0-40bb-b2a4-61e0725a7dab} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2396 1cabc258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.6.1997357000\914317896" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63d6ada7-713e-4828-bee0-b4e3c5764036} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3908 1e8d1258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.5.1337492067\578070495" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3faf8963-f7bb-4b12-8d18-f2d81935d699} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3744 1e8d1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.4.1416722162\397447695" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddbb57bc-bdb0-40e7-8aa9-0dcd4ffba566} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3648 1e8d1858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2012 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3508 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2800 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.8.453373213\1489012104" -childID 7 -isForBrowser -prefsHandle 4308 -prefMapHandle 3568 -prefsLen 26050 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07842d80-c385-4eca-b2df-6d3a24638e14} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 4324 1cef9258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.7.1373600028\1644053594" -childID 6 -isForBrowser -prefsHandle 4276 -prefMapHandle 4280 -prefsLen 26050 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f5f2d10-2a0f-4332-a403-f38bdaa93ce2} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3216 20a4b558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4436 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1840,i,3292901226073143149,15601958363604690945,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.9.2122917140\848383453" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 4660 -prefsLen 26225 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d8110b-0413-42b0-8de2-55a9f3bbd692} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 4672 f8ee858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.10.374720099\174227044" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26225 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79974a90-fc03-4ed3-a721-f70f61aa3618} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 4788 1acd0d58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.11.1249606347\576322823" -childID 8 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26490 -prefMapSize 233275 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8df82cf-3981-4ef9-b9d5-2d8926643224} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 5060 21a3e158 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.licdn.com udp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 44.227.167.82:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
US 44.227.167.82:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
N/A 127.0.0.1:49466 tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 www.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
GB 92.123.128.167:80 www.bing.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-q4fzen7e.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-q4fzen7e.googlevideo.com udp
N/A 127.0.0.1:49548 tcp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
US 173.194.57.231:443 rr2---sn-q4fzen7e.googlevideo.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 rr2---sn-q4fzen7e.googlevideo.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-4g5lzne6.gvt1.com udp
US 8.8.8.8:53 r4.sn-4g5lzne6.gvt1.com udp
DE 74.125.160.233:443 r4.sn-4g5lzne6.gvt1.com tcp
US 8.8.8.8:53 r4.sn-4g5lzne6.gvt1.com udp
DE 74.125.160.233:443 r4.sn-4g5lzne6.gvt1.com tcp
DE 74.125.160.233:443 r4.sn-4g5lzne6.gvt1.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:443 google.com tcp
US 8.8.8.8:53 e2c33.gcp.gvt2.com udp
JP 35.213.86.143:443 e2c33.gcp.gvt2.com tcp
JP 35.213.86.143:443 e2c33.gcp.gvt2.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp

Files

memory/2180-0-0x0000000000280000-0x0000000000281000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB4D9151-CA25-11EE-BDEB-D6E40795ECBF}.dat

MD5 f48acdee06e97a48dd93c443ae67260e
SHA1 4fbddb29b614a9be6d7852c242049e93b40b931a
SHA256 f9c07c6998ef76b8cc777730a703792cdf217c8fffb188866cd1762f6b1f8092
SHA512 52475ce371cf36473a8012568c7b49ec5061c6b0b2a42ab6600622bad926965c573fea5e77c998f543d8660261b49fb92e8d3543e68add0b6800b98093d24061

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB4B08E1-CA25-11EE-BDEB-D6E40795ECBF}.dat

MD5 9a12348eb0e5204e4147b495fc8c4e86
SHA1 883e87032cc58e5319a83ec985609e8478c84a02
SHA256 649bdbfd4900a57fbdb1661b4f9eb089ff92cd03ed668f3fdf5007a80fb038f6
SHA512 9cb747ed1e5f246d909df377db8a720946ee2dc85d054374d684727ab02fa7423689e1f2a8237258dfc354ff9d1cd5d8959ebfa1b94609e9a6f922fd9e0b319c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB4B2FF1-CA25-11EE-BDEB-D6E40795ECBF}.dat

MD5 30a519b6d1b8fc7d58626f01fbb3d34e
SHA1 6a77421ebc3141f0b1d0f91ef1e51fbe23f503da
SHA256 0c1deccd8d5babb4e3c7358ddb808a3c9cc71bb24f6a887861078419147de8f2
SHA512 cc23d3471a5b7c38c47630ae1fda1e9e858586a581fc9699b8c406238c781f96ff7ed7fb419d0784991ae5f0377517c6791b537f0b599e4da9d4460ad3aa505c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB4D9151-CA25-11EE-BDEB-D6E40795ECBF}.dat

MD5 f59cd5862ba5cccc01257dd2b47c7a69
SHA1 e71c91d5c6eaa422e129c366e296177e996e68b1
SHA256 2568d9a338ca1cfb0aa66e809ae3cdd21c0e7303cca0ced048218080d746b602
SHA512 30767243ecd5ebf5a132608f52f4238e0d1be3842635d441fe278b004b38e6440513d2d71cd50d1981a18f39521a837723007183a4a5f427cd43d8ab6ced73e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar2203.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12cb11c9a9410561b2ded189edcbc1a5
SHA1 11da4b8f978b222430881c9b5fb9311a8572ba62
SHA256 16c65ba0861dff57bc9b9c241aa09c0d50421ff3753731a1ed699393034cdc04
SHA512 060abe3dd39148b34a3299e47aeebbfdfeecbd5093ed2433057ccb759378232c27c78a59886a56d8961233ae4034e636f95f3d7b26cb01cd559a84115d7bcbd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0e11d1861c1a76da4a7d840d3f3dc821
SHA1 2b2555942ba609dea5e3884f1761be07d0c3b9c8
SHA256 1c904f9d5a380dfdfb6a881325a24ddd1ea4184dda0610d2bc9e623f3773e5dd
SHA512 a1cfd804aeba25899af34b1b94e7cdf14837fa83d27f78c806580ee4990aa7e904e49accf7913a58dd33d9936f86784804a606d309f81c2c7232afa1475ccc40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b012a280bab5d12db18e81a18a45f6bc
SHA1 ce57b88bab7e2b502a8f6fbb028a766b07945f79
SHA256 5a67a05540141937c9072aaea2405be37f7b2a1174cef001755716d3d0fef348
SHA512 b9eb1c72a44198cab4c17ba20772433b973cc978928d36a9c18585efa697ab205702d1f43f8b2f973cc65742c1bae0918c417b3cf234b70050999aafdbd0336c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 d1bd91f1e256cdacf4bf4ea123dcfbd5
SHA1 5c4c7ab6c107d4a3ffb3f1c2330f06557ffb60bc
SHA256 06f6fba10d7f95f9af53a2901f64b977b0afe2350303697de9218c21eb6de6bc
SHA512 2d0ae787b7ba756e5076dda7e29cdfdc3f9587e9e28f3b677963a499c6e2861855fe525565bbc2d13203043854e3d1b3fa8b0b568daaab145a2de81847562e60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ef1b5e18dce37dfad821fe307449812a
SHA1 3d0f37fefd7aa5ca1a23cbef893e4f2c968ce818
SHA256 f2ac82ca35aa86fc861d0c17b886ff812a8602666144fa0b1628483d14f1fd07
SHA512 9857d2d65176291819134713fe052ab3beec4e74f903e81943f9dac4a3322b4a9854471b661f73fa82158f8cc6057774599cd728514e42fd06ddee84b5da7b97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b48991dd0be5d82885d43e0a96689219
SHA1 364e5b271db9cc18f3165e175e124455185bb790
SHA256 b8afc7d041c10210e034dc8cd6dfe51dbf9e8a521a4f28b0f1f28501f3142765
SHA512 4b877b33399eac08844f24d478ee4a80a68bcd7e2dfd5643a6cbfb75409da523ac908b9e45138850dc0b52dc136f05619b199be2878eeb945808c9862b7296ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a0a3dc5f0e43b06fa700cd63fe27b8b5
SHA1 2b2a658843149d0a845175c331ae2d864b688480
SHA256 efc0b1338ae2ebc4f20a7c0d2a435f3e281db8e487a3758f9c5dc5e993c54347
SHA512 26deea9740b88faa47af00db9bf2f860d43c4e71c291edc9a23f2d0742b1f7fc0a9d7fc5c4a15815b455e9ad8e1694b798cbfda1c677b239b5bdf38d5a9ab23b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b6bb1ca34a483311e992e24c232078c7
SHA1 48db24010067f2870915767dc084c6fe115f1387
SHA256 77aa96793d26abca0e5104f84e3fc839c0c97d72b70759c9ca28ebd2de6d7b0d
SHA512 9c492807d07cdef761c27d7f2a7ecb88678be81975c964ccffeb1fd6278944fc733b64c6b65b9d0c91982ef55d80c7dc3db4b6bd3fd5e368d525ba0d0c3b25fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 389825bed519b6b6a38a63c7a4053540
SHA1 ca5031a6de379648bf54f969f609436b87d1dc39
SHA256 55e89f5aef1b2519019eea6bea2316e8816a754bb0caa874b516be37ed030cc4
SHA512 ac3d5a05cd82daada7f3876faf41cb36ada73869b8095f8f390440c316c3e203806bd7315e0befeb1e3c2fef12964025c6b47630cdaf153e45e3d2586c9e43ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 55adc4c75bb321bcba23e90debc0cc9a
SHA1 572034a5349ce4807a015c608a8168a9ff80d56e
SHA256 57fc0f1b808b66b16990c908ea98ab6bdec78adbd74588a5c700bb2ce7490623
SHA512 b85b0039e4f1454cd271d199c5be582c6b31808f407db0d329c9db592cdc147c6a9496d51c6376ae866d22a5e20326dd10a6cbc469ee0713a1074dafc0c20962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8faabd4ce310e49afc67996c82ec3f39
SHA1 f8ce492fafa03a3ba4019edc5736f48766058b0a
SHA256 9584cc5f74b6c080e0557faace8e5abf00d637ce052072ec9924bedb795d6a44
SHA512 17741b8546e18be551a640b3b0d8d9408fb7dc651de46efd17168165ce7ec3d7bf73b97934f14b37aba5a75e623fb293f8813da01391bc5fd2388d99de61c2dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 969b3a5b81b95d03697fd750c4418b2c
SHA1 321a455f4d70b58b302be208208a648e8a7e3553
SHA256 f7967553d293e733b55b6554a87ac0675b0525ea1f2177acc2ec42b893479f05
SHA512 8bc7913111c6ca96b8958262d7744ee43527a65c6151ea11584b162d31b6d01d788cf42c09a241a17622908ddc9910c8ea1d2ee4bcff957c4e08d4bb0027ff2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a35be244a531558b97a75a43cfa5d3a0
SHA1 e8fef621c62ca46178807c104215ba265e542f6b
SHA256 2f209cdb23774a25536453f1076314467c74968bb775b1e80e9f6fc0c11be92c
SHA512 0bf153c513d08dc57727ed0b9034559107e02e85de27ceb051172d38bcbcb749c1f2ea38e4586a2bc20c2774eb358baec081727191c32306d986bfe8962b65bf

memory/2180-224-0x0000000000280000-0x0000000000281000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 cc224701d3988dd5549f5d4adbf10fe4
SHA1 bf7837f102c82b785f087208d907c86f3de96bb4
SHA256 ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21
SHA512 da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

\??\pipe\crashpad_1920_RICIGFHGIUTQAYGR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e93d55cc-b438-4648-b93f-d9a7fda92b2a.tmp

MD5 0e448cf57d3497223050a43f2f27ae2c
SHA1 6f2009661a61386561cd65fcd2d587e762b73a4a
SHA256 26cd3805463e1bdc4dd7bce8914b6d4c354623fb42e168da8bbda63f1bd9b724
SHA512 5780f86efbdd0e1123b36c68e25097b5a074771e8b48aedf5ceffe143d10f00059048b8c214c9b248b2b5d798d8281885ce80545b06cbfe807d0a495babe5f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf766d44.TMP

MD5 3d427a8bc166365a06f3f5ae170e2b93
SHA1 76045b2f1878fbbe97582057e4259947a5a99d71
SHA256 aa3802c190cb09b94fe6377ace97aa2b17129a405ad134b722cc379885755f8b
SHA512 5bea5a49cb1a65dda9658ebed951464911e57e100243609031ad108602ac47052240e5e110eadfb2e65523bcc68c1682e776d3d2cf0a3dc6ebb9a1f6c3c6fbe2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin

MD5 bf77aa77a0805bd985ef2cc701c5afd4
SHA1 5763b1e8c6c03c25ba3d3e0240dd7fc0d403bca5
SHA256 b513e505d7a7bf6c5fe2971ba6eefc6fe3b848df01274477d18bcca72438c2ce
SHA512 9fca6ee0cc15e714c2a382f7dcad3e6f2aefed32b81b9ae8ac11b5ef69ad29cf31933b1774f6f84bd4ef3c76ae5b6a3d0b0312caeae5da3821e0c9dcef9e61d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\a0ff8053-d6b3-4bab-b3b6-09706fe65371

MD5 29ea3af0e3651d715c3480886a444aea
SHA1 328b8b0d76e45f1ddb4746cdafc7e0f1ef3e6aa1
SHA256 8c19baa6adc99c04717a84f90599a160847210c2ebc8f025b2219607dc301ba5
SHA512 e45bc73716e351ff50d26750162824897a93f89216fec0fef072493e56516cd756e7d7b43a20f19adc5e505db07a0f7a700a80aecd026d0290b48308bf93eea3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\2ed3e57a-c56f-45c2-9aaf-076382008765

MD5 4c9fd3a1c1d99db12a02d17bd53b18b6
SHA1 0bfbf059b6aff2fce1f240ffc51465a80fe30082
SHA256 b3e735c9934b9fbc6197152f317a7fe0f9bd0e62079ee77154665912edafb17f
SHA512 ef959f4bb01752a16c43fc4a746da9b4050768255e48430b6aedc842e0b4ca43637a6599216673f0743d14eda2db7435ced5047d9d556c05f98470f868b898e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 1eafb519e220f8c8058e5fed5b8b655f
SHA1 5887ec025353d6d46390446e36f4ddf516be6c07
SHA256 df15aa54bf7155a9027096e97a16a7ed7488f969c621bc46adfaede91154c4d0
SHA512 10d14f6f744673776332797f8b556253ee67fd5d866ba531d99d49a2d6c906890bfff95a378044f33aedd6f4afab6b18d217d29c0b879be3a8d3a83c11bc48e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752

MD5 b496e2a436d7dfe809fb9aded78da56f
SHA1 dfac235624e401e7f67406d1d78df560fec5fdbf
SHA256 6efaa2466b370f958419920d9785cab38cbe0008432c2d59f27f064704195730
SHA512 d753ca2058bd53aac208935245f9ecc9ce9dfe0c97489b48c78c08a22f3197c3685373cf14a1a0190a092a71abb749d76d44fcc8af4f102e241aa73af2b305d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 906b8200cafa398abe9d879c1727cea1
SHA1 b49a7c82ddf4963b24624032dac5bcfc98767990
SHA256 d555242ee7fb4aa0b40524d15d9e46d55fda45e634bb1973cbb5e2a02da2cfd4
SHA512 aba82a7000c61785370f86a01511ddfdfc4ca6f2faf1091dd48200609173e1e8930989e772be4276d2bff160ea83065d5e162ba403209a2d2bd7806640f4f421

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 fb0cd142c12ef222396eecac0c5b9303
SHA1 7c202fe783235b7a9e8a1b14393c166b42d58fd4
SHA256 5655f4e20ff1610e90fc053eb8a87db731d99fd2624c04bdacc9387490b2c9e8
SHA512 15102efcd0c5a1720eb87397eb3f9df243f956e2022fccab3a28aa07bc4d743621c729ac25c8eb5dba93fd6bea56f82dc641a0f770341973eaadfc95d84791ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e51576896f4fa1a6478dec251318b761
SHA1 3241768860e93db5dce75cf9f401b89b3078dbd9
SHA256 7be5a7e844e6ce95726db4b3d2ac1c46b286a494f62ae68dd6a4ca585fde37f9
SHA512 b0bac3c8f07b21b215328ed88edc89a62d1378466f154f392792a0b7cac169a77bb3b9c9204ffb98111e2dfd3e50be22d367420de4ba954f1a67f8f25f80dbf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_82FCD36BCC5FD87B35DFF8FF8B1DC2E4

MD5 83c972772397f561ee3c89f3aad5ffa5
SHA1 a63af3dc7eb4ed648938dd023f7a862cb0e73f91
SHA256 3e52a530346e22756ffe008c4760fa3492a035950e2c4866481ba799dee4199a
SHA512 f74ca721569216a7e24600ab5a1397b783f8d192a46a5551a18a7a1a1c416a30253f4aa40963e4ca11b4a85d413a081e1399161b0876e39b51bd14a88e83b293

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_82FCD36BCC5FD87B35DFF8FF8B1DC2E4

MD5 c93fc0a835b4958ef820b4b2cfeabbe0
SHA1 40f5065c43e0bfa2544f985a4cd892db3cd1f158
SHA256 c2cdc12ed677574150bbab16a5ca3cb959189ad4c5669ff4368f72211efc3b28
SHA512 6a1aaf7e5004f59af161520348e2d65219941a2622bf69e5e05e7179771b60cd4fa9f70f227d1fd77bf9f1c13d01603657ab5c5cf1b6d83059d4ecc1c84db7b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 8d3a6a1af8bd6909c1c423d4d5bf0c3d
SHA1 1265338e0dbb5172ff44e2e79648e5a95206a1b8
SHA256 ca578712f2d4dfdb9596700499ca1882ec85566f4455483e87cc22f14969c0d7
SHA512 8a8d478f8942435ef5a8a9cadf3dd248fac279d2acf344927805c1e905e6ff2bb0fd062d05a107686d3e0d7cef6ca0895c0ee162beb61350e381e37f2d2016aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 54d62397eaee9b7eb3818533d5a45d39
SHA1 39dd59f722e957a8038b12bccaa94aed1995e558
SHA256 f1981743bcfaf9b6bacc7611c7174b52d227f759bd764fabe12ad8d04f615ece
SHA512 faa59fda187a613f7f97de3396c401ce876fe7ee08acb4079849a8d99e28523181574354407ff6eeba8fbf687f00edf2d7958cf0152917f9eb464181d1169c82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 06dd5cb314f5914057ceb2f849d9d22f
SHA1 8a05f45a259f56e474f24b77ac194bb7786bb88a
SHA256 d8eb453b9f7f009f9ad4fe5cb06181bb339f77d8d25ba395d50eeb089ad5f195
SHA512 1d278c4270f511bfab64dae15787aab62d2d4bbd2bb19033a7dcd3bc94969bd3ddc3fc4832aa2d14f82a4113b1df886b98faa258dd64550c641d8e68565d91f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 d55994dcdd4b219be1abcbe56a99720b
SHA1 f4b546a5fc65bcf2b9ab1ad2391f9bae87f36ce4
SHA256 e5db27ee22dbd27b16ed1f10b65ff0e574cabe32a64b64751bfe6239ae241ff8
SHA512 ccd8bb10c7bba2a457eebab07598fcf4e2bed3a4fdb4b5fbfff915a4d4f34ebb744e75e86f4c6967e926885d18a48f6204c2e9722b63b048a63baf3d1e2db60f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 aa49cf0f1845367ca75ca037d42cac33
SHA1 a51aa441e49f4ef82a03f4de92c6f47d77766c57
SHA256 cd921321e8311bc4061aea4b15a93e8bc7611407d02d9f8e780c9a17b654d4f5
SHA512 8fb0fbd5f7ab63fc55e804a8cb5ab416738161d7bab39a5d451a65396b9df8ac6d170685bf142faf75ffca7b917d47a062caea8f343a3d6667aed004e1128a10

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\592EP26P\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U93R6JMJ.txt

MD5 ff5ecab4e90469e64a23139416febf4f
SHA1 8afd435cafbc1c68f1613ddc192fd3e5501961b9
SHA256 992dee671af0c0a117e366f30fd2ae8f8dd2a211cf68bdf09b1d3b8c08406821
SHA512 f2408492bfab1a1f1d966f974905947eb604f199a46f904d88b9bab883ae6c2773625bc637a2f8963a956197e7432ad496228615bb6da042161d4c4cb06afd28

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 b78b163930a6406ccf1d58f776403088
SHA1 95a8b039adeb55dc180b3fdcd114e8ad27aff7d9
SHA256 b2562c238979164ed195ace3cbc5757e87cea6df269917275674509b880ad616
SHA512 7117070e599bf02b028f3bff3e1d054c90efeabc7117692abce7411c27019bf36c74dd024457634c99ab1db44ba05b3843e475927dffae7eb44d6414a6e6f34c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 98b7ed97f6ded0060c4422968437325a
SHA1 cb6bfce75a7f8c30393c48441c9c73c9f829f1e9
SHA256 7a5f9a99cf55ed82233d7f3a4ed9b5aa7b4db1ea68e31699e07fae0fa6bf3cdd
SHA512 d7b549fa2910d779e13f6696efcc9358905d3fe601718c06b23b0f6a0c4c63393f05f28613145c08c1021861bac08743c12169470220dbed9ced8b0a0960a665

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 542e61907ae06ad8a1069e48d7b16417
SHA1 980f7e1c55c8541a5ef49d1ec7bd18d382384c8b
SHA256 ed1ff60812ca006ddfa2f889b091e17e4f7fd1edaea5d8a7095a804a7de8663b
SHA512 3051606ca0d5d88dbb64b029e784def7e30abd19d7d263e8c0f67d0265fec509ac269f21469bf48701c2d0696a73eee4194f942b4fc2c6cbd59e3f26fd08a845

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBFNJSDF\4Kv5U5b1o3f[1].png

MD5 a81a5e7f71ae4153e6f888f1c92e5e11
SHA1 39c3945c30abff65b372a7d8c691178ae9d9eee0
SHA256 2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e
SHA512 1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76af33.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q2EJ31Y\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 9978db669e49523b7adb3af80d561b1b
SHA1 7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 26388caa4e8aee27b092bb37ffa3560e
SHA1 08228e6db047080874faf627f53748fe6f386c06
SHA256 9416d5e90bd5e5db3a3fbab2ebf9e15a020929d529cbea81f1c18ca27fb1cb39
SHA512 70856106b06a1fd35ecfcacf334a2441ff6dedb2263154f49b1a169de618b8008b96ed319e4edb706cc523c6ddb28d4ff0fa74e6ea9dc3898aa94a212dac7b00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96f217613de85b7c3796aa8ffee74fda
SHA1 044a620ad37450798a9a3fc585b39adddc54b8c8
SHA256 82c7227bda821c709691f699b26740239e9373ee2f35dd25dc556ca57b1b8d69
SHA512 27180d831d0d2dcb179e56224efd179e6bc5e2857586b30a6220f658980860ce46e545906d103ad18cad2240e57b99026565eb1322f86378c467f07bccb3b7fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b64b2d9e556eafed73e3b6644ffbb26
SHA1 37ab78a9df4a460341a5e28dde94f06fa34e0d59
SHA256 c9d2f15728939e5301b7d09accd91457ceccf6d550836bfffa755f1b0ca3ddc1
SHA512 38da7c865de779313adb80d34e2987b6bf0944c6f19cdf5dd41d1d7c3f8b31d645dc8f287424924e27c555134f1c0ad24e393ef8d588029362b7cc53e80af12d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1db8e9ac464ee282724ae1c1ab5bec4a
SHA1 1337e1258760599eefc622bfcffc3a674318e06d
SHA256 0dd63a49ad70fd2af54492839cc1ead70c36b95b08c690c695257e28e5411e53
SHA512 cf879e07e2d5c1519978419f374d4c0af568760dacef875d7dafdd401eda034a2aed7d4c05a47cd5ee06acd22f973450a3ed5424094b3a691bac8dd4d56d0fdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01e7ec2a40481d7dd05e37850d9cadda
SHA1 33ea2fce12ee5f7eec14d788eff96dc3ed35074b
SHA256 4f4f977dbe46df58d4de4abe6a805845b73a00956833166532a6ed9c6cc8659f
SHA512 d9f04e335190003fc942b7e23be10e1631dd2422d576f877aca0e99de3828dcd0d303debc7e2220134494188fe372beaa03c8381da1aa2633e3b7f7b43e2727d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 50edbdb2d0cc0259c2bdaaeb050056a6
SHA1 d42c4c9d9883373912e6cb5082eb775e05463f35
SHA256 54d54e72aae12698c9dcdaddd21015b049846cb98364fdd77b5b7ac788beab28
SHA512 99c62d442b0485be11bbc47831380281bd7fca84e7290013deae5729f51fd91f000d9c55c287678698714a2f9ab454d164ad8f04b0564358282017a77d61d3ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1920_534197258\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e34e84c1401026833f1747d1bd11cdc6
SHA1 161756b1d1aa3f865b3bde3a04e93ef77dd47ea2
SHA256 3e3d716076313ab50dea6d6ac89f2d2be8f7c4475e5cf948ef407e158d092a0c
SHA512 65d567024e88539e7a77ca93b86014c9aaac2915387df557312427742f577bf5dcce42526d0c75d8e0eea1c42039dd8b3ab0afb96a406d4b96bbe7a91822c96a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b206f6dff93c654fa23a5d60d04e47f1
SHA1 bfe699ddee2b92e86a5c08e75ca56179ac714d5d
SHA256 3697238f0ba91322c00b5bd7cb871a9438f86ec80c8b560d052d5f959989451e
SHA512 e6e0f99744e02dd399c1b5779a6c459817f486039f001ece29ec82dd403c117e68a3b201139a7bde9d8f75fd6d52da8dabb200addb4bf429e604b513731ddd9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b1320ead45be120246ebb6b49445099
SHA1 8f2481c1bc08b8b4cb7c1101797650c4afed2f14
SHA256 2b61e5de465fab37e9fde1bd0db01b80d3e59fa4bb3c62ab90f7f4cbbe755d67
SHA512 45abd5536f842bc64c5ffbb5b7379935e022c272dff0487117fdf77fac6ad5570b1359af60ad374bd427f4a43ebdad809b5d4a7d9c24b611b65be2ea10b3f750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7aa5324ad6bb74f58ed0405c05da09b2
SHA1 5519a7257e36c40579d3349ba32c67d89ee24439
SHA256 9f8c9e26f113ca7d47b6a05c1628e1de255b25b6784e7b82a9f41977cffcb915
SHA512 62d466354ecf39e762e0344d543043849854e2396875cd4a4ddc8fa904dac3727951bd750880997ff6d6513d93fc11a7449b03ac6bce730ab2163e96047d3258

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29ed2cc4fe6698e13f6b235bc8136769
SHA1 74581b87ec4b7c342081213819f4af4eae82c1fd
SHA256 eac66318cf4ac5deb1aa6da499170caa46d899002e19b8a29a22f3f28b1754fd
SHA512 5ebc73432d06fc78b140ecf479b86fe5fd0d79dcdbb940494d6bbd47eea23d82fe4a504dbf88777a3f31eb9606bfefca0414ee7f02734962dec1ff04ec5c7979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ea782db2dd5d43e1d9619ac0822022ac
SHA1 6b517d7164cc0008ae6a09d900b43cdf757a0cda
SHA256 50acb176cae43e606cfd2723ca9a3a50e4fd851e1c49f58b0b443b6d62602380
SHA512 226365b19c3524a27eff9364f9016f609809046c87bfc549576c49119aec0e4cffa0186d39073a4422f82d9a26e3e619fd7bceacc5d52054d1c289ade0a7d799

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBFNJSDF\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\113\{7fe28f4a-449e-44b8-a43c-7048f460bd71}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 0a50dd839f03ba8f9d48be401711c4aa
SHA1 ba92a59487828347d2a649c669c84e471bafffa9
SHA256 4d696db1f24372cff3f2bdc9c9e8966a57234b22b8b7458f596b553b3ccf906c
SHA512 7969542d32c02f0da905aca45e44865bfba93e5962cda1beaf2afed8dac4fa2e3cb36e28a5320b9c06b82bc0e1aade5baf190d00fef44942cf0f54f320aa12d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\idb\159200559yCt7-%iCt7-%r2e6s6p9o.sqlite

MD5 2db5530c96d86da1137edb315c3415e1
SHA1 1d9b022d16768843f7733f0b28bcdd539c1898fc
SHA256 2aaa4a688920d2b878e48dde1967eaa57d9b35dbb226086289b095899d351c0c
SHA512 f0adb5f8c713588e7f9b71a22ab7601f64d8c5992648e67425e159da1426a6e54adbb25cdb425ef4c204d7e326b87da574d1a1d568f57d34fcc157222587a815

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 6f8f1a32a8526a6a8e292879c020c439
SHA1 cbe3c8155d498db0fcee927bda209d5c3d7fce64
SHA256 5bf65702d9944ca7443da4853180790494cfee474052898304e5eee053054c84
SHA512 c016274be34b8c7607b082f3abe7a6bb65750783fab7cf1e93290948c6cf149a7d8cca1c1e7820615bc6b80499c8ddbcbffb0ba3c32eb86c84901cb9ef586935

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VDDB2L3\3m4lyvbs6efg8pyhv7kupo6dh[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e11da4f38585ccd7fc942074cb2ac432
SHA1 bb65ddbb1eec9a813a530d16137be2fe39c42206
SHA256 329b3e0e5128efb95dbd490becb3f5fa531e653964f0b868abfa8ebd1614d98e
SHA512 845e28bac02b9fa1df2fd253bcdbd520283c6924a77ee79a7942eeee9cb641ead30a58854a3213b8cf3d873424939cea712f26d127be11d620ad8ebdcd42117c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4610de66-4ab3-406e-9dba-a0d004cfc195.tmp

MD5 983c411e17c0e42051bb1d50fb5a04b3
SHA1 142d5a9c66361118b899fe520f320feaa3bb1c14
SHA256 66945d6d7bea05bb9ebc46ff16e810ffcaae13008edea61e8a382bc1a1dd1f93
SHA512 deb6b6cf7884e20e5a63bbcd208634bd87d8d91e138b158f78904007c7ac9411dd62a0a71e4ede7868de780f8bf48b699c2b5d0486861e8e6308e3b975457e4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 459934ee3d99abc6739cfcc0e4c7cdab
SHA1 d1b4e8fc0f07754500d01c65983349d7353371da
SHA256 ee515d8d81f0c78ab92b99ac3ab899943299b1c63d6d1efac61a22b7ed05b78e
SHA512 ef49b55317ba4596344ed2000da943242a168664d37fd0adfd4bf2b89307e3abb6717d8ec0e1f9572be579e6e7612bcc316c135acce3f9728241f332346af0fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 529bebf6b8dcea5e7a2733acc036abd3
SHA1 e3a2ae0d392f7dea6efbffc26ef6b373b49ca62c
SHA256 f8d77bd301830ab78d5ecc66b9f0e93a640da778ea5faa92cedb3350898025ff
SHA512 8da38fd6f7447ee44a171198effdc847e62a61f5626c3573853396bc0718394248a07c1793accf4c8cd16b3d11471a5a2d779747e2b381c5ed2714a08d98ef67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 051c9a28310b44c9c5ca335a055ddd6c
SHA1 479b184c52bd45ac26effb57cad58041a536cb94
SHA256 d8c866f2f8c72619272143c052c4d23fe38ec6330782d75b255653830540f817
SHA512 0622fe8280a6436732da3d2c7b632d205ca65b6e7990164e3bd32e42054b2d5db6e6384a3a5b767161c30c5f2a2fbd4f2a50777ae3d39a9d3627684ea3985bcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bd7c89ba208afcbbb60294de76704bb
SHA1 db386cdbb5d2767c4f73cecb1c52ebd73b528730
SHA256 49180910227911d5f99dcbbbd3c2cb43bd0ea71fe977f654e8ad2c3a2d7cd63d
SHA512 8b56982f29586a5a218a9fb3c1561806968c1e731bae6b589b60ae3482a9a5c29abc846060bb9906eb65b6e3d88022b8cfeebc51b18a328157cfaef5a1bdc73f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a8b9190cdc1d65ec004cf56eaee3656
SHA1 56b9ef698211d2d5e29c6d94858a9e53fca65950
SHA256 e3a5e20443e405d4352dda317ec103336c8386331d4912276aed937e68d9152c
SHA512 f74fd14a0c0a31fec9c59d72767804dee5af9bd6340864e5830c7eae8bafdbbddb6cf5659e274328155c43cbc7ff316a9585176e1d8d446f2ae24bbb836465ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 025e9ce8af7c8168f512409d9eec81df
SHA1 6e86fd0f690f3d58859a0e04e5dcb9b2e02468b9
SHA256 e60a1a309631bb0f57912951a3cb9480dff6fc8f43c62f48fe9042c0bd53f078
SHA512 24f67f71b123cf2106417fd7e40545fc3fe8abfa35bf435ed0a09eea6074d7f33a59b8ee00da406b3f9cde4059cf7eb19e96eb69bfbca7380d1c2a1ed9a31e38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\61\{5a9520c3-23fe-4aee-b35b-cb8ad35e7d3d}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\158\{fdedd00d-f04d-4d86-b98a-26715578739e}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\default\https+++www.youtube.com\cache\morgue\48\{1a04f893-332b-4af2-b631-da6f8432a330}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6c669d23d8c86f08a61b5c9d65ce390e
SHA1 c8f05cd68a335b50a2159971114fcbbfa305a0a4
SHA256 05de7e202ec19b358f4e996372c48588b5f6b3c442ff6a76c9983545447e8c05
SHA512 dcd25c867f3f162c4a3ab4d1b8f2b535ed9bb18d84ec95a346d1b4f6e70d5505642124a5f56123af1ccf3f06c8aed2f309d4c939cf4082bb266e346b9fb7a8b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 29593f763acbec5612106ea021673910
SHA1 7b71dd7ad024302f63b8b23d7589b6f972e0c38a
SHA256 481fd8865b17eea79105ea69a57091155d4f938f8f6860c4338d6c57de5f50c1
SHA512 e705e080394da37abc0a4bb8143313019ee87c4a0acdae7bd6d15670c9905908576e8b778976da4e825927acf6c52ca72347dc1df684767835f327a034a1c691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d955593f60c1899ce2c631eced0d2560
SHA1 a6310d81873cb8c227ac0ac709449134db5ba435
SHA256 921026509d334f0fb4db2efc798572ba672b9f3ebe616fcf1e0e862631fb4c46
SHA512 7e357608a3d1e7960d5cd098492f8501faa19e06e9937de184f9f358b441ae11b23471f10673d35dbcfe7405ea48adbdb31f964e0029af080db8b9ad6ee3bddd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b907eefc6b27978bb951d00c5333197f
SHA1 d28b10a2252739e178e57d739a7dbcfed7ff6c41
SHA256 557c9a0aef90cb2d6fc77f4d9caace37135a393b1827aadf952b0642f76872a9
SHA512 9bb5b38e26a3029d8a57addfe00f9e371eb62b08952f2c339a6df0f93b0b7db7fbe913bdd754ee3e9c2972c6fecb7aebffb08bfea79f9b17ce4a90b2fa613ad6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f574281c1bdc2bb2b65c4d3f3c08c8f2
SHA1 c0edb58186ffa19fee4c6180e830ef734d145eaa
SHA256 2b6e6003f8a6d0396c8d71d90b787b7b446fe4a48c399642f7e8c05ca824b7a4
SHA512 6a6b6844b8aeb4fd902de1bcac3aebd33b61a1b790269d84b82169438fb12d7d00b6506a1c53fbcd84cc0850eba393f81cf0b0f38ccdcaa5aa23efd4fe7f13b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js

MD5 c7e26926da7e94de53f65315b2c31c17
SHA1 51f1a6201a1eb91ebdcc5d14c43c9bdce70e475d
SHA256 b0978db96ce353bfbff4a6ca1fff9c09af75a141de226ee78692efe170b5feea
SHA512 741d1b30c30fe67ff72e4e9a4413b9dcfc6e22db2f8dd73523fa50a25823ab2977eadc97e7fe123a5dd65a7ba3d340c6d734d6f237eec3be749726989af305cb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 438c3af1332297479ee9ed271bb7bf39
SHA1 b3571e5e31d02b02e7d68806a254a4d290339af3
SHA256 b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194
SHA512 984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

MD5 6981f969f95b2a983547050ab1cb2a20
SHA1 e81c6606465b5aefcbef6637e205e9af51312ef5
SHA256 13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665
SHA512 9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

MD5 54dc5ae0659fabc263d83487ae1c03e4
SHA1 c572526830da6a5a6478f54bc6edb178a4d641f4
SHA256 43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e
SHA512 8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

MD5 dea1586a0ebca332d265dc5eda3c1c19
SHA1 29e8a8962a3e934fd6a804f9f386173f1b2f9be4
SHA256 98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60
SHA512 0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBFNJSDF\favicon[3].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-13 03:31

Reported

2024-02-13 04:12

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3336304223-2978740688-3645194410-1000\{C0DD2BCE-6412-4AF7-B207-0876710F7F31} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 964 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2308 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2308 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3040 wrote to memory of 628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3040 wrote to memory of 628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2044 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2792 wrote to memory of 868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2792 wrote to memory of 868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 964 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 964 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3520 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3520 wrote to memory of 3928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4664 wrote to memory of 3832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 964 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 964 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3544 wrote to memory of 3036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe

"C:\Users\Admin\AppData\Local\Temp\9d6e803608352225b79cc75bf2f876703124a268ff193ce6ce7d30a6b2bb0da9.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9da9758,0x7ffac9da9768,0x7ffac9da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac9da9758,0x7ffac9da9768,0x7ffac9da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac9da9758,0x7ffac9da9768,0x7ffac9da9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.0.1379865510\1241644922" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a619db-434d-45ac-81e1-ab50f24fdb4e} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 1960 1f11490dd58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,16772498769145869688,6118217787310672607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,808141929130008911,9910634198133224170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,808141929130008911,9910634198133224170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1448,16772498769145869688,6118217787310672607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3534586156049477227,5538928677501139401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3312873503066806035,10181028681392520856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3312873503066806035,10181028681392520856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.1.2110720897\1620849030" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2392 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e484480-872d-4769-8698-e737d35e11ad} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 2428 1f113346658 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12630812406986505031,12887185564780421286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17498339229292881883,10472865018521433541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.2.668536706\380266338" -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d049d024-f4b1-4994-a1f3-48a3011c7826} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 3460 1f117454858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1984,i,4923288339833564487,7362583829609339213,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.5.559032153\2134450848" -childID 4 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aba8cf8-f4a5-4dfa-8f10-b7e79c5b60d1} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4444 1f118044958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.7.1730764203\1555651369" -childID 6 -isForBrowser -prefsHandle 3476 -prefMapHandle 4992 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832cb998-7f19-4983-9e7b-adc4f5915d43} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 5004 1f118f06f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.6.1778134601\1742151721" -childID 5 -isForBrowser -prefsHandle 4704 -prefMapHandle 4708 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e980bc-4aa2-4d73-8f4e-35898492c8d2} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4800 1f1170a7c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.4.1831582610\1124143910" -childID 3 -isForBrowser -prefsHandle 4244 -prefMapHandle 4248 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {332c5614-f864-4cb1-9df2-b9bf2e7a60a6} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4232 1f118043758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3936 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3796 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.3.2017393206\1883735084" -childID 2 -isForBrowser -prefsHandle 4076 -prefMapHandle 4060 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bec853b-b1d3-4a94-b5c3-079896148413} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4100 1f106f63b58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1984,i,4923288339833564487,7362583829609339213,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1908,i,17490661855564432733,14960530563592829813,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1908,i,17490661855564432733,14960530563592829813,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4588 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3832 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3112 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.8.235485564\2065909547" -childID 7 -isForBrowser -prefsHandle 4680 -prefMapHandle 4260 -prefsLen 26565 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ddb8ca5-8381-41cd-bf7f-00ca369bb569} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4672 1f1170a3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.9.600336060\743207493" -childID 8 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 26565 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3632acc2-7bbc-4b22-912f-4a33abfc63e2} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 5932 1f119b58f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4568 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.10.606068856\2131906439" -parentBuildID 20221007134813 -prefsHandle 5932 -prefMapHandle 5748 -prefsLen 26565 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbc891f8-78d6-4ef0-8398-aa4da070f85b} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 6012 1f119fcbb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.11.854895644\1159003681" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6084 -prefMapHandle 6040 -prefsLen 26565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b3b4d60-cfe5-4885-a503-16a8829a80ba} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 4260 1f119fcbe58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3832.12.38670317\2102549820" -childID 9 -isForBrowser -prefsHandle 6520 -prefMapHandle 6412 -prefsLen 26565 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f1ad361-b47f-4560-b8be-3d7011c11b32} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" 6516 1f118e9c458 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1864774190115527557,4806332865887751502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4032 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2956 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2736 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5960 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1880,i,12432376831985063308,9373700267077103630,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.4.4:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
N/A 127.0.0.1:64669 tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 support.mozilla.org udp
N/A 127.0.0.1:64761 tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-ntq7yner.googlevideo.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 rr3.sn-ntq7yner.googlevideo.com udp
AU 173.194.28.72:443 rr3.sn-ntq7yner.googlevideo.com tcp
AU 173.194.28.72:443 rr3.sn-ntq7yner.googlevideo.com tcp
US 8.8.8.8:53 rr3---sn-ntq7yner.googlevideo.com udp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
US 8.8.8.8:53 72.28.194.173.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rr3.sn-ntq7yner.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 youtube.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.238:443 youtube.com udp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
AU 173.194.28.72:443 rr3---sn-ntq7yner.googlevideo.com tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 66b31399a75bcff66ebf4a8e04616867
SHA1 9a0ada46a4b25f421ef71dc732431934325be355
SHA256 d454afb2387549913368a8136a5ee6bad7942b2ad8ac614a0cfaedadf0500477
SHA512 5adaead4ebe728a592701bc22b562d3f4177a69a06e622da5759b543e8dd3e923972a32586ca2612e9b6139308c000ad95919df1c2a055ffd784333c14cb782f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 84381d71cf667d9a138ea03b3283aea5
SHA1 33dfc8a32806beaaafaec25850b217c856ce6c7b
SHA256 32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424
SHA512 469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 e1e06f1bc2ea8efe486919db850c7c4e
SHA1 879c89d09ffdd29a18d65540f5caa2454795a89d
SHA256 d0446be9d39a2d354b4b305057a249a8c639b7c1cca804e380d4c71e56815b7d
SHA512 bc5c8d6ed0484f7f1814927a562c0eda12b856f97082be04d8ef99700a99dacb361bf83ca6db5ad4531bc9b1bbc20cf97e943b500f24e13784b6a4e375b73c45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 559943337459e0afc20aeeb8304aaa4a
SHA1 8b47380998ae8bc2d609b4ab7111eeffd4a792d5
SHA256 ce08ba2818c35a1659c72379465c6d4de82abd7bb8936888ce50f8ff561e7079
SHA512 a66ef4755367eb2227278d019109371f7d0e2d129c0c4209d900970ca7d18098931e0b49a8d34ca67402a8dabfd7cfd8c24743f48f255d417b4da07dc0262fce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab04ff3a16bde854859d93717ae487e9
SHA1 552c0aac74801330cc0cac5b12e159b25e9736e9
SHA256 063b75c1f563b40741bbf7f8ed2751f425f440c25852b82b7ac3e03e88784db2
SHA512 48ec81b9edd4d76da0c2ccd7100731b997c581a09a5f1218e6e628c197edf96f138a9580a2d95a17fe4663d81a316401c8898bee008740061d5a3aa1655dd453

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\96ff7c84-1da3-4ec3-a7ee-0a28cea25c63.tmp

MD5 f9a36eb1d7a2a7cbbfebde3f43247532
SHA1 0433562640a05cbfc48da29fd34963459aa85836
SHA256 3c9f8950d953084f0bee853dd4474988eafa6231f0eba519324ac2cd4551850c
SHA512 40c51e17b89f6a9667d9a03cfbbbaac474259e50a64ac89f8ccad93b3c310cd288ec3b8ef383dc927a87fb78d04a86990fdfaa0989e7d8307fc5f78529fdb7d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6735c581542d9bf5e134e6f09a5a4aac
SHA1 8d9d4e9f78e2923b6a4eb853d8c8ba1935f9687c
SHA256 ab8c81d8fc7436d6cc28952c7df15d1c7a7fe0ee44c20d7104af06f365266a4a
SHA512 18790bff82d4e0fb42d306f37de778cf69ae51060ec227910793d789dfe2ed8bf92074cacc35360decf6f4af281d28d8f00903344b57c13d5923f504a9a22980

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d18b646ab42e3d2790b8400ce0f35c0d
SHA1 06f7f77f5f500b381c7089acd0a9ab20c3a3a958
SHA256 5645f8c98aa49546669ea3fef410a7bfc0e1388edbdcc2179123bafeae71e9d6
SHA512 20d110f24aa4c5c04e8245c4945f508c1ead3168b9952f21fd5780bbe5ad25aace97edee514d1145a87d9fcdbd8c3e3c29782f55396ed35b42ac134c71a884c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a1c2288e089e96f9f99bbd7f38fe7553
SHA1 c515ab9bdf97ad45a91a69155425517a203ea53a
SHA256 f5229317aba13520891b98635ae597e609d67cbaedf40606e93e1d2e1ebde967
SHA512 1ceed83fef346dcdaf3086584bc2052e41faae05e12a73a32a2542b179e692aeb15c2782d5a99c14961c4f350a2ae686ed3379b1e7c9bed0ebeb999d04dcebd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4f8c7a8e58dca74d6c13668730519c90
SHA1 114d5ddc7e17407e2715a14f13d64939873e3665
SHA256 6f241f4b7503cfb248c09fd003f4d21d69c198fe5f4e537a4ea35bae9fb264b2
SHA512 6bc71998ea27bfdbfc2d55ab655fe3b7a9b13ef93a736696c6531cd9858f04bc9f610a303351061df24766db02704ab8f39fade142260526f8280b87d51834ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2db49a49418291f2ee1a233fffab5678
SHA1 26c0fd513fa5e6395ce7275c8d601dd3705f09ae
SHA256 2c529a5a80b5928c2d356cb68cee6a3b69ea4846a4017dd73baa8d57f38e4f4f
SHA512 59cce8f734304433539aa3481113652bdd9ec2db831538900b05fc2bd1cac3df3d65dbea76669177f66280b74a1e81b7d84b5934886189552f170c986406e850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 430469b9cc6f10b92f74f6f3273ac08b
SHA1 6a993c9cefa535f64c8d1120cbf816f8ac18dc03
SHA256 9cf6224cc8fab4958493d816c9a43399b578d115d32a44fa4525d34a6cfb8d9c
SHA512 2e4e6c692202002b1f14cfc4a8a7e78231dfbe3ba4edca94ae1db433a12f812800eb93c4699a64a907d8bdb8db8f27cf3fea2ae1f8af228e95211f2c12d638a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a5dcf783d531279c472b7a18730dab95
SHA1 96c671c8a95bdfad91dcf378f1113d1f61f396d8
SHA256 c658e2ab6a0c7129336b346c04c375a5ab4333891b31795a52978c5879e4d2e3
SHA512 66345cdf5e050ecaacc63cc9f47f31f3c7c242b584cc4b351f12ffc9b729ee0f27388c46e35a9b497284fd59d566d08d077a5ddc63e120c7bcaa20b4aa34657e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\f016cea7-98b6-4374-baf7-31a49f3afd8d

MD5 788ab431468704e8749c6c2f5b30ca06
SHA1 d0dbe9719a57ba0c646f7352675d5997f2740edb
SHA256 95235f05bc1c965cd25afd1c9615916c19f64e8f95652ebb179d14f6ebed32c4
SHA512 2689c53b60da987f8a971e91ea533f0919c72e7710023d3be59bfcf6484a0dba873fd82a03cdb626b67f4843b9978fbc69f1b99f05d8ac45cbdb39e76d031c8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\1ecb4bc4-9ccc-4581-8766-23846ebdaeeb

MD5 b356f0dc268351c0ee7c321a85d9311d
SHA1 6cbcd59885970864d406507392176ebd51fc6476
SHA256 fa3d9ecd80939dd1be32795e945721f360db2b2c82cb7a81e0633c34272ed26e
SHA512 c0295b8ce065ea458d7fd36305b0d956ee763e7f326963a6bf58f8461fd46a2a28b33cd30d48196bee175b92de06cf5dd0100125f0784b868485bac4560459fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\db\data.safe.bin

MD5 47fc308828387791f702110391b47312
SHA1 ebb2619d1b442d0da49ee5f9dd1782918cd7f873
SHA256 d1310f29a678682cb0f3329a66e0fa27e75a44b19abb0f4833e829ec7f78c506
SHA512 cd64fcab188edbd999f31ae92bfaa54e9b218c9a96344ef820b9258a369af1021337d5c90cbeb6fd13302f4c06d854450e948bfd7f2b6da8bfccc04dab8e4380

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs.js

MD5 a1d4716d2ca6e26b0286757d879ee207
SHA1 e340614929b2d60cfcd2c158537e39fd9e47cdd4
SHA256 232084090a08756cffeb371d84864daa07eaa357f5153cf056318e60aeb057ad
SHA512 01d137474f1b32319de18d7f4b5a2575b32e9bd54a729ecd3ec02f606e6319997effe6194010f78e1f849530b7273ee1bdfaea9942355479750088e604343534

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6117932fba109ee9d24862fbe9e6c3a7
SHA1 5ec2e98a48309d3b1a9508c2ebef7f5c9470f1e3
SHA256 f0293bbb055e8386508d04e56bb140dd8dfca1682d294a2c93dd92dd19897226
SHA512 0d05155b5651f83be97f1e30ad58ef196f2e3f725d56bca3e074521c4c7a6553a285cb7bd7dbf7288ef35e602bf63b693b79d04522c047ee2dcc56b26fe5d447

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a81ecb4b6f5171e25af5b097dcc0bf7
SHA1 985755d5357bacc0490de47323b1df8650801e42
SHA256 221fd16d752f6546c8aa35caaa8e81a275b28a3c19cac53a79e770ce46ea2978
SHA512 64322f45b05b18f838222ffb90ba1c60d5b7a5eb08af41dda2f35ff2a65f31d9f2cf8f43135675296d9a1bbfd4e288a0a5fd2bbb66e42baa7e5252b12cf3064c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1dd2a566e0b02e5e3bff27171872036c
SHA1 ea3a6e5c4a860948be89bf9cf78d871003505624
SHA256 8b7a1b81fbda073d27961498ed2b75d536f0d78a2818abe6df9f454fab4901ea
SHA512 f68ea90d44c7c56c7c28e6404c6d616bd27be3e4380da6982a7e0a9e1f2d879172a53466ff185defa55c2d380e52daa5d65738fd494e3139bb6639e4595a5896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d6411681540e450a4f9c7bc15d32668
SHA1 59214120f118bb2ff09fd26346aa8b6107f7fd16
SHA256 c670ae057ac1c8023397318d29fd00c87a96b8218254c373cf8fcaaac148029a
SHA512 979deb80eaaad40294edf76712066e94ef0a0eff32f912aaa2ef6f70c6e5bda80f755b8cc28340ead2f578e4ad34a53a2c23fc706c5b71e4e654547b267da0e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 801024ada32edf4b80f95b1defdeb5e9
SHA1 318163a4db91e691c658094862931ccd837b287f
SHA256 f2f65cae4e86e8e7e6338b3c858bc9d9123d350801ba055886fb2600a8cb35aa
SHA512 28ae6556d1125ac22a49f7c698a1d1b6652a2f59290b12d065d126c673459e90f98d7475343cb94a3a31271b13b713b4a4339b72016bf712e04aed13ccf38291

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 9fcdb06d89a678ea1e187949d818485d
SHA1 ed28e800f4bd95beb601c0f6105745b179db2211
SHA256 4cc6fb76618c2e87f5a417f7579d5b046aabd3d10789002adcdb2f6e38d2de13
SHA512 3043c0658a45056b82b438292cb1ac77249e89b72d0bf57248b9b9a57abde77604ab15f253af1dbc954a03dd87460521e56a4f389932c7917656c0956f1b478e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1b208bce6563ccea3c3ee9876d39d518
SHA1 fedf63205fcf60226ef3baccbf2b6001583f01d5
SHA256 4beaae291aec60430b564d365956b2e2b882792bf85a256574083a841e0e6c74
SHA512 c651dfe9f03128a765122dd2702f23a928130714c303722d014528cf26fbd3f6a7eaf246a5f9bd224239cc6e2a01023586b319278a2dbd6136b5841e09fce666

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 19d869782292106b41bd7c1e3af38d18
SHA1 45188f4f440819a01aef5aca2020654cc061ca2a
SHA256 d47c42fee99e9f63275c20e77e9318653276eca84146c4d4ff9d053ff2ccbbb5
SHA512 3a5aa4fd5c9834fbd1cb20d5b1524aeee64414f46b20819a39d3727b8034f739e7a1eb58370eb4d711db440d019fc7c974cf07991361b9ae1c83be24e7f200a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6de2ffce66d98f0facd0553ea3996a61
SHA1 736d4deb0c9627ab188e782800f810a1c11923a0
SHA256 a17183df76096a1570cf4d1681b31262b92424829caae605f59c5f81223afe4a
SHA512 3ab649e5552872c715a41ca172a48c043a83decddf091f10bbb099ccace229af251e4f78b89b5f5b4b763ddcc9f5fee06f85b684379f25decdae1d20ad4e9784

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs.js

MD5 06ad4d94f9ee83b4049761fae6b80686
SHA1 4c174c2ee466a2f60c7d7e61d266db154f6d655c
SHA256 191a2ba72ef8b9f66b12e15cdf52a5e8d1eeab71e51ef65b38807f2b2aa42b95
SHA512 36fdeff8533b924efc3f7f12c67ea39685dbcccc53800118d656aa86c18bdca000564e509de98c5b2f12be15f6aa86a55f9fd6398304325615ff7752a78ee4c3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js

MD5 9c4604eb41db743d3dbf99f5a436c4eb
SHA1 a798f134cf5f00ec36f49ab1506a1afb365c0dd9
SHA256 fb3a2a57a9271c23aea3275a3f06d91cbfe6fdaf4d84d3a4507ba5d6336c3740
SHA512 69f98894a072253b0933a03de4ef9dde79a91b8940add2f84cf7405d3831ee084f2e1b4203b1d7ad5e1ef4b0c77f8e2e0bbad36d166071443aaca8f3b0425336

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d71f0900b3ec08e43cd004bf7ef9abc7
SHA1 ffd8ce0669bcca64a8b9f3f643a38decdcebd70d
SHA256 8ad9a2701d04779375fa845feff764954a7a60ce3d9b851f2600e64da97f5a9d
SHA512 8ef00d5cb8e287c7f9d6855a36a9bf4a1a35e0bcf100aa1cf838c56d1a1f5b69c55c5a99d4f5f568816a4d8f934e6cb8e1254d5e66dcfb7609c20d196dcee88a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4f26b457539f866acc406621247c701
SHA1 f57cd4b5f4b9f06061033bbd3d7f6f87361acea8
SHA256 630ec0f78d5e89b58d1236308eb683c1c46c581dd018352a45c98665298f76b1
SHA512 ab38a00fc96de8200e45b17ed927ad0e907303ecfae33880e0585e4c27c160ea6b4e0dc5b131a364e55746fe07787e5244da420473cc980473e31f433fd074cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7c0ab8d144f22fb971b07f53ab0d7b0
SHA1 170a8f1b87771d47968c76f74c6815da411ac00e
SHA256 a495fb1f69777fab8943da388c8777327cec98f8fbb64a2488c7f9ace06fed4d
SHA512 989ccf09377a9ab816fdccf8028912225d0c6a9d05e44f7d82d6a283f121f84156b2ad1a63c416c9806d2f6cd517000cadd6e7bca554b10b2965142a4ccac5ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 84aa7e8cad13ff94fe4d8c056c987ec7
SHA1 c5f74f2b105d98ff7c619ea334766d8dcb048a2b
SHA256 775a9c52c25f1d74037dd39d21bb82f5b4982caeb4f2a0a3bfb054816cca0b8d
SHA512 0795fad577cdf9043dde6320ff169e7a47584cfd218b01688700e307ae979564659843fe5836d7d518dea0137b429a583d7c74dc98de9a1b813a6e708c4384d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 915bd4f0a1816ca914575d454f58ab86
SHA1 cc60e9241ba695437748c4b7d3b5f2458f898faf
SHA256 c5acf85b6f392a9cdf8609ae0e59f031b5321ea61921439e408723af86135728
SHA512 03a81bee530de0aa65094f45a5492c8f09afceb80a47bc611f1a041866539c1b4699bebfb994fbefb8e253c47cc49f7361caf1949d6b9982ce8b1e2b1ce51092

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff991f44bfa670f63ef4a16b0e11d002
SHA1 1cf8836ee7818e19a9c51352021c9b787054526a
SHA256 3ee49a2b34c283affdea24955a4889353d181cfbdb63e2a02436b24a7e2a551b
SHA512 0c6321d30367ce0579e0724026efba9fbfe1a9cf3086b6540f98efd7d0fdbb32644a588dcec164ef33e866e48548b590ac326a0bdebbe6dfe39fab97c693116f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4f01c6bc3cf395ad5c1ed585fd4f419e
SHA1 4a868cdb70fa8c220f7fbabdb4f9221ff22c2f10
SHA256 7cba4447803517fb9fc2c5df75d8bba74198c86278afe7a2bb7df5fbe42494de
SHA512 9478b1b9ad990f86ee1273a1ff5d30275e697cd8d390867b4e29adf5a03be30f2f2cf84c1fb1044156a30c3e8fed3e643bd0615e65c026ef6f81ac3c2076460f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 43fa4fb12896e8edaeb05398dfb8c42c
SHA1 db8695a1a4f0c9de95d694bb211ad823f71ebe0d
SHA256 fd8bd1a4a906938d1f0d880765d5df287f86c9d40be606663a8f30ea660353d1
SHA512 9d34c58fc613524f65ee0c66639ec155e9322093d826d27aa9dfcac86eb2e943c355cd930004775415011ea8a68e4e8091ab75915c3dd2abffca5f1259ae1655

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\default\https+++www.youtube.com\idb\3173457586yCt7-%iCt7-%r0e7sap2o.sqlite

MD5 ac173de80e38994b068de77c3a5f6be7
SHA1 e3a4dcedeb552f08069595eaefcbb9387115d346
SHA256 bc498aa22e53cce66e99aa5cc5008c6d39da0b1dd8f0a65c6bec8f592224d56f
SHA512 3958372982a086c25aa85948831ffe2370ea031fe2df08e7eb60c8e0cc5eb123fbf00b89631c361614611246f255531311733c9d39755586ba89ca9f795b615c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\default\https+++www.youtube.com\cache\morgue\68\{422e23e5-d30e-4a01-b7ed-7b5cc1779744}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 696ad6bc10a8b27548e7aee0aff4b491
SHA1 dcafa2979a5ec427e9ae1089d364cf02fca1b3fa
SHA256 0c21f01ba8bfc4b672c329ae4878b6292b3c977579c0077e6e59edf65dc33bc1
SHA512 e0b06041d1d6d00290f0bbf9135766d03d97820dd0bb1efba197e60927cee3be6d0e375494a2d79185164c10f146d6d533b65b6d10425ebe7b01a1f7dee7e0fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\default\https+++www.youtube.com\cache\morgue\11\{756599b1-cbdf-440e-81f5-7d178b1ab10b}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{582d2abe-90a3-4bed-9fae-4c602ea5716c}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js

MD5 057d2442a24711b081dc80add11d519b
SHA1 ca28c602d4863535879e6440fb914e7d02cb8667
SHA256 38bb7dd6374a9a05d2ed85e1dc02135e1eb0cfa567f98faad89701207280092e
SHA512 5ad59f1a8de2515fb0b095f599338217f3ab3b34ff2208b841b9ef8c65e965bfd454c11aa6443e6666a10048d32a13c0ebbe6e029548b9c0dcfeaa7a0f86f121

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3239677ea1e2ef3a3b4b4e023b4c1701
SHA1 053ce423c60ddb0b5e484dd7add6c50ae63fdf79
SHA256 1c856f59b49e16ea4fbe3d2047b22f066027ac51c32c28fa01202e43c2d03742
SHA512 112759f3d25ae2d88dcc3c0912ce81221e65afa72f37ee9b62163ffeb2ea95c54e3b2cbdf896e0ad9a071115ad3a9df1b83862c6da72c4dfa5a19ac0a147363e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fc8448448bd69898d4ebe0e6f50ef986
SHA1 232f63243afaaa2489fdb6f3ff7043ddc2e71cd1
SHA256 85d704f0b21cf1774528ee0dfa6805514267f811af5d5f7c903cfbe17ba62d51
SHA512 9ef60e550fc99af5630270196d9d2678c4e0c50ca4e37edb79f30c0e8a4d6be16588d6c4618d252558782d0618a64bb78ce4fb271b865380c190f86cd88414ba

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eb3f18fcaa13c17b3fddaa70b0efbdb5
SHA1 3e6eecd857e4d1e8e278d52e737e6bc4e5eb73e5
SHA256 2478a1271b5be95651d954689a8309580df2eb521f87fbf6b0caa86939b484ef
SHA512 d0651b3f9ff7bbdcdc3139441b36f1e3cf708443d7f379586f621af943518860bbfd14c625586f4834ed96c7a9d7f281d2ed051d9b447ea06d6acadd60293667

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mlil8stk.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 8cfe3b0fc443525f200d802d497c2dba
SHA1 3e5a0c6ec73988bc216a3a191150b1a6235c3a20
SHA256 11a718717741959ac5300f22fb30eabb6f3cc5310a37391d14ceeaa3d8ed3b98
SHA512 360bbc001a684c9b14625ebea67bc39bd924cdc629b19d4aee5938bb808489c40ab6fb698c411291a07a075051266e00e849db3ce053a5b00331253a95490506